Skip to content

Commit

Permalink
Merge pull request splunk#588 from splunk/revert-585-VULN-17383
Browse files Browse the repository at this point in the history
Revert "use SSL DEFAULT CONTEX, use tls version min 1.2, allow for usage of S…"
  • Loading branch information
szymonjas authored Oct 21, 2024
2 parents 0acefc7 + 413657d commit c6f7d32
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 9 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ jobs:
uses: actions/checkout@v3

- name: Run docker-compose
run: SPLUNK_VERSION=${{matrix.splunk-version}} docker compose up -d
run: SPLUNK_VERSION=${{matrix.splunk-version}} docker-compose up -d

- name: Setup Python
uses: actions/setup-python@v4
Expand Down
9 changes: 1 addition & 8 deletions splunklib/binding.py
Original file line number Diff line number Diff line change
Expand Up @@ -465,8 +465,6 @@ class Context:
:type scheme: "https" or "http"
:param verify: Enable (True) or disable (False) SSL verification for https connections.
:type verify: ``Boolean``
:param self_signed_certificate: Specifies if self signed certificate is used
:type self_signed_certificate: ``Boolean``
:param sharing: The sharing mode for the namespace (the default is "user").
:type sharing: "global", "system", "app", or "user"
:param owner: The owner context of the namespace (optional, the default is "None").
Expand Down Expand Up @@ -528,7 +526,6 @@ def __init__(self, handler=None, **kwargs):
self.bearerToken = kwargs.get("splunkToken", "")
self.autologin = kwargs.get("autologin", False)
self.additional_headers = kwargs.get("headers", [])
self._self_signed_certificate = kwargs.get("self_signed_certificate", True)

# Store any cookies in the self.http._cookies dict
if "cookie" in kwargs and kwargs['cookie'] not in [None, _NoAuthenticationToken]:
Expand Down Expand Up @@ -607,11 +604,7 @@ def connect(self):
"""
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
if self.scheme == "https":
context = ssl.create_default_context()
context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
context.check_hostname = not self._self_signed_certificate
context.verify_mode = ssl.CERT_NONE if self._self_signed_certificate else ssl.CERT_REQUIRED
sock = context.wrap_socket(sock, server_hostname=self.host)
sock = ssl.wrap_socket(sock)
sock.connect((socket.gethostbyname(self.host), self.port))
return sock

Expand Down

0 comments on commit c6f7d32

Please sign in to comment.