simplified setupTLSContext()

In config.py _load_certificates() already makes sure that CERTIFICATE_DIR is set and if TLS is enbled that KEY and CERTIFICATE are supplied, here we only need to decide between a full 2 Way TLS context, either to start the server in TLS mode and/or be able to do TLS client authentication, or a simple TLS context that will only be able to verify the remote certificate in client requests.

simplified setupTLSContext()
e5e7c61f · Hans Trompert · 4fc830c1 · e5e7c61f
Commit e5e7c61f authored 3 years ago by Hans Trompert
--- a/opennsa/setup.py
+++ b/opennsa/setup.py
@@ -99,29 +99,16 @@ def setupBackend(backend_cfg, network_name, nrm_ports, parent_requester):
 def setupTLSContext(vc):
    # ssl/tls contxt
-    if vc[config.TLS]:
+    if vc[config.KEY] and vc[config.CERTIFICATE]:
-        log.msg('setup for full client/server TLS mode')
+        log.msg('setup full 2Way TLS context')
        from opennsa.opennsaTlsContext import opennsa2WayTlsContext
        ctx_factory = opennsa2WayTlsContext(
            vc[config.KEY], vc[config.CERTIFICATE], vc[config.CERTIFICATE_DIR], vc[config.VERIFY_CERT])
-    elif vc[config.CERTIFICATE_DIR]:
-        # create a context so we can verify https urls
-        if not os.path.isdir(vc[config.CERTIFICATE_DIR]):
-            raise config.ConfigurationError(
-                'certdir value {} is not a directory'.format(vc[config.CERTIFICATE_DIR]))
-        if vc[config.KEY] and vc[config.CERTIFICATE]:
-            # enable client authentication even when not in TLS mode
-            log.msg('setup for client TLS mode with client authentication')
-            from opennsa.opennsaTlsContext import opennsa2WayTlsContext
-            ctx_factory = opennsa2WayTlsContext(
-                vc[config.KEY], vc[config.CERTIFICATE], vc[config.CERTIFICATE_DIR], vc[config.VERIFY_CERT])
-        else:
-            from opennsa.opennsaTlsContext import opennsaTlsContext
-            log.msg('setup for client TLS mode without client authentication')
-            ctx_factory = opennsaTlsContext(
-                vc[config.CERTIFICATE_DIR], vc[config.VERIFY_CERT])
    else:
-        ctx_factory = None
+        from opennsa.opennsaTlsContext import opennsaTlsContext
+        log.msg('setup client TLS context without client authentication')
+        ctx_factory = opennsaTlsContext(
+            vc[config.CERTIFICATE_DIR], vc[config.VERIFY_CERT])
    return ctx_factory