From b6a021dabdfc48cd7b0af11765cf36d5cf17b371 Mon Sep 17 00:00:00 2001
From: grossmj
Date: Tue, 27 Oct 2020 23:25:19 +1030
Subject: [PATCH] Fix SSL support for controller and local compute. Fixes #1826
---
 gns3server/controller/__init__.py | 11 +++++++++--
 gns3server/controller/compute.py | 8 ++++++--
 gns3server/web/web_server.py | 16 +++++++++++-----
 3 files changed, 26 insertions(+), 9 deletions(-)
diff --git a/gns3server/controller/__init__.py b/gns3server/controller/__init__.py
index 82910589..d3a3489b 100644
--- a/gns3server/controller/__init__.py
+++ b/gns3server/controller/__init__.py
@@ -81,16 +81,23 @@ class Controller:
 name = "Main server"
 computes = self._load_controller_settings()
+ from gns3server.web.web_server import WebServer
+ ssl_context = WebServer.instance().ssl_context()
+ protocol = server_config.get("protocol", "http")
+ if ssl_context and protocol != "https":
+ log.warning("Protocol changed to 'https' for local compute because SSL is enabled".format(port))
+ protocol = "https"
 try:
 self._local_server = await self.add_compute(compute_id="local",
 name=name,
- protocol=server_config.get("protocol", "http"),
+ protocol=protocol,
 host=host,
 console_host=console_host,
 port=port,
 user=server_config.get("user", ""),
 password=server_config.get("password", ""),
- force=True)
+ force=True,
+ ssl_context=ssl_context)
 except aiohttp.web.HTTPConflict:
 log.fatal("Cannot access to the local server, make sure something else is not running on the TCP port {}".format(port))
 sys.exit(1)
diff --git a/gns3server/controller/compute.py b/gns3server/controller/compute.py
index 39eb961b..117a71e3 100644
--- a/gns3server/controller/compute.py
+++ b/gns3server/controller/compute.py
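Review bot: The local compute's outgoing client connections now reuse the server's listening SSL context: this hunk passes `WebServer.instance().ssl_context()` to `add_compute(..., ssl_context=ssl_context)`, and compute.py's `_session()` (hunk `@@ -92,7 +94,9 @@`) hands it to the HTTP client connector. `_create_ssl_context` is not shown in this patch, so this is inferred: a context built only to serve a certificate usually leaves `verify_mode` at `CERT_NONE` and `check_hostname` off, in which case the `user`/`password` sent to the compute are protected against passive capture only and the peer is never authenticated. A dedicated client context, for example `ssl.create_default_context(cafile=<path to the server certificate>)`, would keep verification on while still trusting a self-signed certificate. Separately, `.format(port)` on the new `log.warning` string has no placeholder to fill and can be dropped. The enclosing method starts and ends outside the hunk.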
@@ -57,7 +57,8 @@ class Compute:
 A GNS3 compute.
 """
- def __init__(self, compute_id, controller=None, protocol="http", host="localhost", port=3080, user=None, password=None, name=None, console_host=None):
+ def __init__(self, compute_id, controller=None, protocol="http", host="localhost",
+ port=3080, user=None, password=None, name=None, console_host=None, ssl_context=None):
 self._http_session = None
 assert controller is not None
 log.info("Create compute %s", compute_id)
@@ -81,6 +82,7 @@ class Compute:
 self._cpu_usage_percent = None
 self._memory_usage_percent = None
 self._last_error = None
+ self._ssl_context = ssl_context
 self._capabilities = {
 "version": None,
 "node_types": []
@@ -92,7 +94,9 @@ class Compute:
 def _session(self):
 if self._http_session is None or self._http_session.closed is True:
- self._http_session = aiohttp.ClientSession(connector=aiohttp.TCPConnector(limit=None, force_close=True))
+ self._http_session = aiohttp.ClientSession(connector=aiohttp.TCPConnector(limit=None,
+ force_close=True,
+ ssl_context=self._ssl_context))
 return self._http_session
 #def __del__(self):
diff --git a/gns3server/web/web_server.py b/gns3server/web/web_server.py
index 72f422d4..4e07fd69 100644
--- a/gns3server/web/web_server.py
+++ b/gns3server/web/web_server.py
@@ -64,6 +64,7 @@ class WebServer:
 self._start_time = time.time()
 self._running = False
 self._closing = False
+ self._ssl_context = None
 @staticmethod
 def instance(host=None, port=None):
@@ -88,7 +89,6 @@ class WebServer:
 return False
 return True
-
 async def reload_server(self):
 """
 Reload the server.
@@ -96,7 +96,6 @@ class WebServer:
 await Controller.instance().reload()
-
 async def shutdown_server(self):
 """
 Cleanly shutdown the server.
@@ -147,6 +146,13 @@ class WebServer:
 self._loop.stop()
+ def ssl_context(self):
+ """
+ Returns the SSL context for the server.
+ """
+
+ return self._ssl_context
+
 def _signal_handling(self):
 def signal_handler(signame, *args):
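Review bot: In the `@@ -92,7 +94,9 @@` hunk of compute.py, `aiohttp.TCPConnector(..., ssl_context=self._ssl_context)` uses a keyword that aiohttp 3.x deprecates in favour of `ssl=`; the aiohttp version this project pins is not visible in the patch, so confirm it before switching to `ssl=self._ssl_context`. With the default `ssl_context=None`, which is what every compute other than the local one gets as far as this patch shows, aiohttp applies its default certificate checks, so only the local compute's verification is governed by the context passed in. A one-line comment in `_session()` would record that: `# None -> aiohttp default TLS verification; a supplied context replaces it`.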
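Review bot: The docstring of the new `ssl_context()` accessor in the `@@ -147,6 +146,13 @@` hunk of web_server.py does not say that the method returns `None` both when SSL is disabled and when the startup code patched in the `@@ -255,12 +261,12 @@` hunk has not yet assigned `self._ssl_context`. The controller hunk treats a falsy return as "SSL off" and keeps `http`, so a call made too early would silently select plaintext for the local compute. Documenting the contract makes that ordering requirement explicit: `"""Return the server's SSL context, or None when SSL is disabled or the server has not been started yet."""`.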
@@ -255,12 +261,12 @@ class WebServer:
 server_config = Config.instance().get_section_config("Server")
- ssl_context = None
+ self._ssl_context = None
 if server_config.getboolean("ssl"):
 if sys.platform.startswith("win"):
 log.critical("SSL mode is not supported on Windows")
 raise SystemExit
- ssl_context = self._create_ssl_context(server_config)
+ self._ssl_context = self._create_ssl_context(server_config)
 self._loop = asyncio.get_event_loop()
@@ -307,7 +313,7 @@ class WebServer:
 log.info("Starting server on {}:{}".format(self._host, self._port))
 self._handler = self._app.make_handler()
- if self._run_application(self._handler, ssl_context) is False:
+ if self._run_application(self._handler, self._ssl_context) is False:
 self._loop.stop()
 sys.exit(1)