mirror.MikroTik/socialwifi.RouterOS-api
1
0
Fork 0
mirror of https://github.com/socialwifi/RouterOS-api.git synced 2025-08-30 22:59:55 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add full SSL documentation

Steve Haskew 2018-07-23 15:52:55 +01:00
parent f735450072
commit c9643afdc0
1 changed files with 12 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

21
How-to-use.md

@ -8,7 +8,7 @@ connection = routeros_api.RouterOsApiPool('IP', username='admin', password='')
api = connection.get_api()
```
### Connect Options
`routeros_api.RouterOsApiPool(host, username='admin', password='', port=8728)`
`routeros_api.RouterOsApiPool(host, username='admin', password='', port=8728, use_ssl=False, ssl_verify=True, ssl_verify_hostname=True, ssl_context=None)`
Parameters:
* host - String - Hostname or IP of device
@ -16,20 +16,23 @@ Parameters:
Optional Parameters:
* username - String - Login username - Default 'admin'
* password - String - Login password - Default empty string
* port - Integer - TCP Port for API - Default 8728
### Proposed SSL Options (pending merge of PR)
`routeros_api.RouterOsApiPool(host, username='admin', password='', port=8728, use_ssl=False, ssl_verify=True, ssl_verify_hostname=True, ca_cert=None)`
Changed Parameters
* port - Integer - TCP Port for API - Default 8728 or 8729 when using SSL
New Optional Parameters
* use_ssl - Boolean - Use SSL or not? - Default **False**
* ssl_verify - Boolean - Verify the SSL certificate? - Default **True**
* ssl_verify_hostname - Boolean - Verify the SSL certificate hostname matches? - Default **True**
* ssl_context - Object - Pass in a custom SSL context object. Overrides other options. - Default **None**
### Using SSL
If we want to use SSL, we can simply specify use_ssl as true:
`connection = routeros_api.RouterOsApiPool('<IP>', username='admin', password='', use_ssl=True)`
This will automatically verify SSL certificate and hostname. The most flexible way to modify SSL parameters is to provide an SSL Context object using the ssl_context parameter, but for typical use-cases with self-signed certificates, the shorthand options of ssl_verify and ssl_verify_hostname are provided.
e.g. if using a self-signed certificate, you can (but probably shouldn't) use:
`connection = routeros_api.RouterOsApiPool('<IP>', username='admin', password='', use_ssl=True, ssl_verify=False, ssl_verify_hostname=False)`
### Proposed New Login Options (pending merge of PR)
RouterOS Versions >v6.43 now use a different login method. The disadvantage is that it passes the password in plain text. The best auto-detection also sends the password in plain text at the start, even if the device doesn't support it. Therefore to maintain security we only attempt the new login type when insecure_login is set.