diff --git a/stix_shifter_modules/stix_bundle/stix_transmission/connector.py b/stix_shifter_modules/stix_bundle/stix_transmission/connector.py index fe2800ff1..ce0fcdcbc 100644 --- a/stix_shifter_modules/stix_bundle/stix_transmission/connector.py +++ b/stix_shifter_modules/stix_bundle/stix_transmission/connector.py @@ -26,6 +26,7 @@ def __init__(self, connection, configuration): auth = BasicAuth(conf_auth['username'], conf_auth['password']) self.client = RestApiClientAsync(None, auth=auth, + cert_verify=connection.get('selfSignedCert', False), url_modifier_function=lambda host_port, endpoint, headers: f'{endpoint}') # We re-implement this method so we can fetch all the "bindings", as their method only diff --git a/stix_shifter_utils/stix_transmission/utils/RestApiClientAsync.py b/stix_shifter_utils/stix_transmission/utils/RestApiClientAsync.py index 36b69c6fe..7f970898a 100644 --- a/stix_shifter_utils/stix_transmission/utils/RestApiClientAsync.py +++ b/stix_shifter_utils/stix_transmission/utils/RestApiClientAsync.py @@ -75,7 +75,7 @@ def __init__(self, host, port=None, headers={}, url_modifier_function=None, cert if self.ssl_context: self.ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS) - self.ssl_context.verify_mode = ssl.CERT_OPTIONAL + self.ssl_context.verify_mode = ssl.CERT_REQUIRED self.ssl_context.check_hostname = True self.headers = headers @@ -98,7 +98,6 @@ async def call_api(self, endpoint, method, headers=None, cookies=None, data=None self.ssl_context.load_verify_locations(self.server_cert_name) except Exception as ex: self.logger.debug('Unable to load the certificate for ssl context. Reasons: Connection does not require certificate or unexpected exception while loading the certificate: ' + str(ex)) - self.ssl_context.verify_mode = ssl.CERT_REQUIRED url = None actual_headers = self.headers.copy()