kommentare eingefügt, fehlerbehandlung geändert

source/server/apistatusd.conf

@@ -14,11 +14,11 @@ loglevel = debug
 [server]
 host = localhost
 port = 10001
-cert = ./certs/server-pub.pem
+cert = ./certs/statusd-pub.pem
-key = ./certs/server-key.pem
+key = ./certs/statusd-key.pem
 
 [client]
-cert = ./certs/client-pub.pem
+cert = ./certs/statusclient-pub.pem
 
 [api]
 api = ./api

source/server/apistatusd.py

@@ -237,7 +237,7 @@ def main():
         sys.exit(1)
 
     context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
-    context.verify_mode = ssl.CERT_REQUIRED
+    context.verify_mode = ssl.CERT_OPTIONAL
     context.load_cert_chain(certfile=config['server']['cert'],
                             keyfile=config['server']['key'])
     context.load_verify_locations(cafile=config['client']['cert'])

source/server/setstatus.py

@@ -58,6 +58,7 @@ class SetStatus:
 
     def check_status(self):
         """
+        checkes, if the self.status variable is a valid value
         return: boolean
         """
         if self.status in ('0', '1'):
@@ -68,6 +69,8 @@ class SetStatus:
 
     def set_config(self):
         """
+        Tries to read and use the values from the configuration file. If
+        this failes, we still use the default values.
         """
         self.log = logging.getLogger()
         # read config file
@@ -89,7 +92,8 @@ class SetStatus:
 
     def check_certs(self, certs):
         """
-        Check if certs readable.
+        Check if certs are readable.
+        return: boolean
         """
         self.log.debug('Check certificates')
         for certfile in certs:
@@ -111,25 +115,28 @@ class SetStatus:
 
     def create_ssl_context(self):
         """
+        Creates SSL context
+        return: context object or false
         """
-        context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH,
+        try:
-                                         cafile=self.config['server']['cert'])
+            context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
-        if not context:
+        except Exception as e:
             self.log.error('Failed to create SSL Context')
             return False
+        context.load_verify_locations(cafile=self.config['server']['cert'])
+        context.load_cert_chain(certfile=self.config['client']['cert'],
+                                keyfile=self.config['client']['key'])
         context.set_ciphers('EECDH+AESGCM') # only ciphers for tls 1.2 and 1.3
         context.options |= getattr(ssl._ssl, 'OP_NO_COMPRESSION', 0)
-        try:
-            context.load_cert_chain(certfile=self.config['client']['cert'],
-                                    keyfile=self.config['client']['key'])
-        except Exception as e:
-            self.log.error('Failed to load cert chain')
-            return False;
         self.log.debug('SSL context created')
         return context
 
     def create_ssl_socket(self, config, context):
         """
+        Opens a socket and wrapes the socket into the given ssl context.
+        param1: dictionary
+        param2: ssl context
+        return: ssl-socket or false
         """
         bare_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
         if not bare_socket:
@@ -210,7 +217,7 @@ class SetStatus:
         if self.context is False:
             exit(3)
 
-        # get connection
+        # get a ssl encrypted connection
         self.connection = self.create_ssl_connection()
 
         # send status