diff --git a/gns3server/controller/appliance_manager.py b/gns3server/controller/appliance_manager.py index f4932eae..76cadfbf 100644 --- a/gns3server/controller/appliance_manager.py +++ b/gns3server/controller/appliance_manager.py @@ -16,14 +16,12 @@ # along with this program. If not, see . import os -import sys import json import uuid import asyncio import aiohttp import shutil -import ssl -import certifi + try: import importlib_resources @@ -48,11 +46,6 @@ class ApplianceManager: self._appliances = {} self._appliances_etag = None - self._ssl_context = None - if hasattr(sys, "frozen"): - cacert = certifi.where() - self._ssl_context = ssl.create_default_context(cafile=cacert) - log.info("Using certificate authority (CA) bundle: {}".format(cacert)) @property def appliances_etag(self): @@ -181,7 +174,7 @@ class ApplianceManager: symbol_url = "https://raw.githubusercontent.com/GNS3/gns3-registry/master/symbols/{}".format(symbol) async with aiohttp.ClientSession() as session: - async with session.get(symbol_url, ssl=self._ssl_context) as response: + async with session.get(symbol_url) as response: if response.status != 200: log.warning("Could not retrieve appliance symbol {} from GitHub due to HTTP error code {}".format(symbol, response.status)) else: @@ -209,7 +202,6 @@ class ApplianceManager: async with aiohttp.ClientSession() as session: async with session.get( 'https://api.github.com/repos/GNS3/gns3-registry/contents/appliances', - ssl=self._ssl_context, headers=headers ) as response: if response.status == 304: diff --git a/gns3server/crash_report.py b/gns3server/crash_report.py index 48041f86..e1a01b2a 100644 --- a/gns3server/crash_report.py +++ b/gns3server/crash_report.py @@ -29,7 +29,6 @@ import struct import platform import locale import distro -import certifi from .version import __version__, __version_info__ from .config import Config 
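Review bot: `session.get(symbol_url)` in the symbol download hunk, and the `session.get(` call for the appliances listing in the hunk after it, now verify GitHub's certificate against whatever the process-wide default `ssl` context trusts, and nothing at the call site says where that trust comes from. It is the system store only when `truststore.inject_into_ssl()` in `gns3server/run.py` has run first. If ApplianceManager is loaded through another entry point, or truststore is not installed, a frozen build that used to get the certifi bundle falls back to the OpenSSL default CA paths and the request may fail verification. I would add a comment above each call such as `# TLS trust comes from the process default context (system store via truststore, see run.py)`. The visible lines only handle a non-200 status; whether a TLS or connection error is caught lies outside the hunk and is worth confirming.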
@@ -73,14 +72,9 @@ class CrashReport: if SENTRY_SDK_AVAILABLE: # Don't send log records as events. sentry_logging = LoggingIntegration(level=logging.INFO, event_level=None) - cacert = None - if hasattr(sys, "frozen"): - cacert = certifi.where() - try: sentry_sdk.init(dsn=CrashReport.DSN, release=__version__, - ca_certs=cacert, default_integrations=False, integrations=[sentry_logging]) except Exception as e: diff --git a/gns3server/run.py b/gns3server/run.py index 2d0cf98b..8f054e9f 100644 --- a/gns3server/run.py +++ b/gns3server/run.py @@ -28,6 +28,16 @@ import locale import argparse import psutil +import logging +log = logging.getLogger(__name__) + + +try: + import truststore + truststore.inject_into_ssl() + log.info("Using system certificate store for SSL connections") +except ImportError: + pass from gns3server.web.web_server import WebServer from gns3server.web.logger import init_logger @@ -36,10 +46,6 @@ from gns3server.config import Config from gns3server.crash_report import CrashReport -import logging -log = logging.getLogger(__name__) - - def locale_check(): """ Checks if this application runs with a correct locale (i.e. supports UTF-8 encoding) and attempt to fix diff --git a/requirements.txt b/requirements.txt index 676fa94d..ba457a97 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,3 @@ -certifi>=2023.7.22 jsonschema>=4.17.3,<4.18; python_version >= '3.7' jsonschema==3.2.0; python_version < '3.7' # v3.2.0 is the last version to support Python 3.6 aiohttp>=3.8.4,<3.9 @@ -13,5 +12,6 @@ async-timeout>=4.0.2,<4.1 distro>=1.8.0 py-cpuinfo>=9.0.0,<10.0 importlib-resources>=1.3; python_version <= '3.9' +truststore>=0.7.0; python_version >= '3.10' setuptools>=60.8.1; python_version >= '3.7' setuptools==59.6.0; python_version < '3.7' # v59.6.0 is the last version to support Python 3.6
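Review bot: The `except ImportError: pass` branch leaves no trace of which trust store the server ends up with, and the `log.info(...)` on the success path runs at import time, apparently before `init_logger` (imported just below) has set up a handler, so that message is probably dropped as well. This call switches the trust anchors for every outbound TLS connection in the process (registry downloads, crash reports) from a bundled CA file to the OS store, so an operator should be able to see the outcome. I would keep the result in a module-level flag and log it from the startup code once logging is configured; that code is outside this hunk. The placement ahead of the `gns3server.web` imports also looks deliberate and deserves a comment such as `# keep before any import that pulls in aiohttp: modules that already imported ssl.SSLContext are not patched`, otherwise an import sorter is likely to move it.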
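Review bot: `truststore>=0.7.0; python_version >= '3.10'` covers only Python 3.10 and later, while the first hunk of this file drops `certifi>=2023.7.22` for every interpreter, and the markers on the jsonschema and setuptools lines show that 3.6 to 3.9 are still supported. On those versions neither package is required any more, so a frozen build has no CA source of its own. If that is intended, say so next to the line, e.g. `# Python < 3.10 falls back to the OpenSSL default CA paths`; otherwise keep `certifi>=2023.7.22; python_version < '3.10'`. The new requirement also has no upper bound, unlike `aiohttp>=3.8.4,<3.9`, and a bounded range would be the safer choice for a package that patches `ssl.SSLContext` process-wide.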