diff --git a/custom_components/mikrotik_router/config_flow.py b/custom_components/mikrotik_router/config_flow.py
index 297679d..5bff1ae 100644
--- a/custom_components/mikrotik_router/config_flow.py
+++ b/custom_components/mikrotik_router/config_flow.py
@@ -15,6 +15,7 @@ from homeassistant.const import (
 CONF_USERNAME,
 CONF_PASSWORD,
 CONF_SSL,
+ CONF_VERIFY_SSL,
 CONF_ZONE,
 STATE_HOME,
 )
@@ -59,6 +60,7 @@ from .const import (
 DEFAULT_PORT,
 DEFAULT_DEVICE_NAME,
 DEFAULT_SSL,
+ DEFAULT_VERIFY_SSL,
 DEFAULT_SENSOR_NETWATCH_TRACKER,
 CONF_SENSOR_NETWATCH_TRACKER,
 )
@@ -115,6 +117,7 @@ class MikrotikControllerConfigFlow(ConfigFlow, domain=DOMAIN):
 password=user_input[CONF_PASSWORD],
 port=user_input[CONF_PORT],
 use_ssl=user_input[CONF_SSL],
+ ssl_verify=user_input[CONF_VERIFY_SSL],
 )
 if not api.connect():
 errors[CONF_HOST] = api.error
@@ -135,6 +138,7 @@ class MikrotikControllerConfigFlow(ConfigFlow, domain=DOMAIN):
 CONF_PASSWORD: DEFAULT_USERNAME,
 CONF_PORT: DEFAULT_PORT,
 CONF_SSL: DEFAULT_SSL,
+ CONF_VERIFY_SSL: DEFAULT_VERIFY_SSL,
 },
 errors=errors,
 )
@@ -154,6 +158,9 @@ class MikrotikControllerConfigFlow(ConfigFlow, domain=DOMAIN):
 vol.Required(CONF_PASSWORD, default=user_input[CONF_PASSWORD]): str,
 vol.Optional(CONF_PORT, default=user_input[CONF_PORT]): int,
 vol.Optional(CONF_SSL, default=user_input[CONF_SSL]): bool,
+ vol.Optional(
+ CONF_VERIFY_SSL, default=user_input[CONF_VERIFY_SSL]
+ ): bool,
 }
 ),
 errors=errors,
diff --git a/custom_components/mikrotik_router/const.py b/custom_components/mikrotik_router/const.py
index 371bac7..163572e 100644
--- a/custom_components/mikrotik_router/const.py
+++ b/custom_components/mikrotik_router/const.py
@@ -25,6 +25,7 @@ DEFAULT_USERNAME = "admin"
 DEFAULT_PORT = 0
 DEFAULT_DEVICE_NAME = "Mikrotik"
 DEFAULT_SSL = False
+DEFAULT_VERIFY_SSL = False
 CONF_SCAN_INTERVAL = "scan_interval"
 DEFAULT_SCAN_INTERVAL = 30
 
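Review bot: `DEFAULT_VERIFY_SSL = False` makes the unauthenticated path the default: a user who ticks "Use SSL" gets, per the mikrotikapi hunk in this same commit, a context with `verify_mode = ssl.CERT_NONE` that accepts any certificate, so the session is encrypted but the router is never authenticated. It also disagrees with the `ssl_verify=True` default the commit gives `MikrotikAPI.__init__`, and with the usual Home Assistant convention of defaulting `CONF_VERIFY_SSL` to true. Prefer `DEFAULT_VERIFY_SSL = True` so verification is opt-out, or at least add a comment such as `# Off by default because RouterOS ships self-signed certificates; see mikrotikapi.connect()` so the trade-off is visible to the next maintainer.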
diff --git a/custom_components/mikrotik_router/coordinator.py b/custom_components/mikrotik_router/coordinator.py
index 5ba8cb1..6e42f88 100644
--- a/custom_components/mikrotik_router/coordinator.py
+++ b/custom_components/mikrotik_router/coordinator.py
@@ -26,6 +26,7 @@ from homeassistant.const import (
 CONF_USERNAME,
 CONF_PASSWORD,
 CONF_SSL,
+ CONF_VERIFY_SSL,
 CONF_ZONE,
 STATE_HOME,
 )
@@ -130,6 +131,7 @@ class MikrotikTrackerCoordinator(DataUpdateCoordinator[None]):
 config_entry.data[CONF_PASSWORD],
 config_entry.data[CONF_PORT],
 config_entry.data[CONF_SSL],
+ config_entry.data[CONF_VERIFY_SSL],
 )
 
 # ---------------------------
@@ -271,6 +273,7 @@ class MikrotikCoordinator(DataUpdateCoordinator[None]):
 config_entry.data[CONF_PASSWORD],
 config_entry.data[CONF_PORT],
 config_entry.data[CONF_SSL],
+ config_entry.data[CONF_VERIFY_SSL],
 )
 
 self.debug = False
@@ -1584,7 +1587,7 @@ class MikrotikCoordinator(DataUpdateCoordinator[None]):
 try:
 full_version = self.ds["fw-update"].get("installed-version")
 split_end = min(len(full_version), 4)
- version = re.sub(r"[^0-9\.]", "", full_version[0:split_end])
+ version = re.sub("[^0-9\.]", "", full_version[0:split_end])
 self.major_fw_version = int(version.split(".")[0])
 self.minor_fw_version = int(version.split(".")[1])
 _LOGGER.debug(
diff --git a/custom_components/mikrotik_router/mikrotikapi.py b/custom_components/mikrotik_router/mikrotikapi.py
index f3ab103..ed8f1f5 100644
--- a/custom_components/mikrotik_router/mikrotikapi.py
+++ b/custom_components/mikrotik_router/mikrotikapi.py
@@ -28,12 +28,14 @@ class MikrotikAPI:
 password,
 port=0,
 use_ssl=True,
+ ssl_verify=True,
 login_method=DEFAULT_LOGIN_METHOD,
 encoding=DEFAULT_ENCODING,
 ):
 """Initialize the Mikrotik Client."""
 self._host = host
 self._use_ssl = use_ssl
+ self._ssl_verify = ssl_verify
 self._port = port
 self._username = username
 self._password = password
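Review bot: `config_entry.data[CONF_VERIFY_SSL]` raises KeyError for every config entry created before this change, because the key only exists in entries that went through the updated config flow and no entry migration is part of this diff; both `MikrotikTrackerCoordinator` (hunk at 130) and `MikrotikCoordinator` (hunk at 271) index it the same way, so the integration would fail to set up after upgrade. Use `config_entry.data.get(CONF_VERIFY_SSL, DEFAULT_VERIFY_SSL)` in both places, importing `DEFAULT_VERIFY_SSL` from `.const` if coordinator.py does not already have it. The enclosing `__init__` bodies start and end outside the hunks.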
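Review bot: Dropping the `r` prefix turns `"[^0-9\.]"` into a plain string literal containing the invalid escape `\.`, which CPython reports as a DeprecationWarning (SyntaxWarning from 3.12) and is slated to become a SyntaxError; the pattern only keeps matching the same characters because unknown escapes are currently preserved verbatim. Restore `version = re.sub(r"[^0-9\.]", "", full_version[0:split_end])`, or use `"[^0-9.]"` since a dot needs no escaping inside a character class. The surrounding `try` block continues outside the hunk.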
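Review bot: The new `ssl_verify` parameter is not documented anywhere, and `"""Initialize the Mikrotik Client."""` leaves a reader guessing whether it does anything when `use_ssl` is false (from the connect() hunk in this commit it is only consulted under `if self._use_ssl:`). Suggest adding an Args section to the docstring with lines such as `use_ssl: wrap the API socket in TLS.` and `ssl_verify: with use_ssl, require the router certificate to chain to a trusted CA; ignored otherwise.` Also note that the constructor defaults this to True while `DEFAULT_VERIFY_SSL` in const.py is False, so the two defaults disagree and one of them should be documented as the intended one. The `def __init__` line itself is outside the hunk.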
@@ -118,15 +120,19 @@ class MikrotikAPI:
 "port": self._port,
 }
 
- if self._use_ssl:
- if self._ssl_wrapper is None:
- ssl_context = ssl.create_default_context()
- ssl_context.check_hostname = False
- ssl_context.verify_mode = ssl.CERT_NONE
- self._ssl_wrapper = ssl_context.wrap_socket
- kwargs["ssl_wrapper"] = self._ssl_wrapper
 self.lock.acquire()
 try:
+ if self._use_ssl:
+ if self._ssl_wrapper is None:
+ ssl_context = ssl.create_default_context()
+ ssl_context.check_hostname = False
+ if self._ssl_verify:
+ ssl_context.verify_mode = ssl.CERT_REQUIRED
+ ssl_context.verify_flags &= ~ssl.VERIFY_X509_STRICT
+ else:
+ ssl_context.verify_mode = ssl.CERT_NONE
+ self._ssl_wrapper = ssl_context.wrap_socket
+ kwargs["ssl_wrapper"] = self._ssl_wrapper
 self._connection = librouteros.connect(
 self._host, self._username, self._password, **kwargs
 )
@@ -164,6 +170,9 @@ class MikrotikAPI:
 if "ALERT_HANDSHAKE_FAILURE" in error:
 self.error = "ssl_handshake_failure"
 
+ if "CERTIFICATE_VERIFY_FAILED" in error:
+ self.error = "ssl_verify_failure"
+
 # ---------------------------
 # connected
 # ---------------------------
diff --git a/custom_components/mikrotik_router/strings.json b/custom_components/mikrotik_router/strings.json
index 1303cf1..1f4358a 100644
--- a/custom_components/mikrotik_router/strings.json
+++ b/custom_components/mikrotik_router/strings.json
@@ -10,7 +10,8 @@
 "port": "Port",
 "username": "Username",
 "password": "Password",
- "ssl": "Use SSL"
+ "ssl": "Use SSL",
+ "verify_ssl": "Verify SSL"
 }
 }
 },
@@ -18,6 +19,7 @@
 "name_exists": "Name already exists.",
 "cannot_connect": "Cannot connect to Mikrotik.",
 "ssl_handshake_failure": "SSL handshake failure",
+ "ssl_verify_failure": "Certificate verify failed",
 "connection_timeout": "Mikrotik connection timeout.",
 "wrong_login": "Invalid user name or password."
 }
diff --git a/custom_components/mikrotik_router/translations/en.json b/custom_components/mikrotik_router/translations/en.json
index 02f18d7..964989b 100644
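Review bot: With "Verify SSL" enabled the new branch still runs `ssl_context.check_hostname = False` before choosing `CERT_REQUIRED`, so the check only proves the chain ends in a trusted CA — any certificate any trusted CA ever issued for any name is accepted for this router, and an attacker holding one still gets a clean man-in-the-middle. Hostname checking needs a `server_hostname` at wrap time, which presumably librouteros does not supply when it calls `ssl_wrapper(sock)` (likely why check_hostname was turned off), so the cached wrapper should bind the configured host itself, as below; clearing `VERIFY_X509_STRICT` is a deliberate relaxation for self-signed RouterOS certificates that lack the extensions strict mode demands and deserves a comment saying so. Note too that `CERT_REQUIRED` against the default trust store will reject a self-signed router certificate unless the user has installed it system-wide, so a CA-file option fed to `ssl_context.load_verify_locations` would make the verified mode usable; `connect` continues outside the hunk.

```python
            if self._use_ssl:
                if self._ssl_wrapper is None:
                    ssl_context = ssl.create_default_context()
                    if self._ssl_verify:
                        # Chain AND hostname must match; strict X.509 is relaxed only
                        # because RouterOS self-signed certs often lack the extensions it requires.
                        ssl_context.check_hostname = True
                        ssl_context.verify_mode = ssl.CERT_REQUIRED
                        ssl_context.verify_flags &= ~ssl.VERIFY_X509_STRICT
                    else:
                        # Opt-out only: encrypted but unauthenticated session.
                        ssl_context.check_hostname = False
                        ssl_context.verify_mode = ssl.CERT_NONE
                    host = self._host
                    self._ssl_wrapper = lambda sock: ssl_context.wrap_socket(
                        sock, server_hostname=host
                    )
                kwargs["ssl_wrapper"] = self._ssl_wrapper
            # … unchanged: librouteros.connect call …
```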
--- a/custom_components/mikrotik_router/translations/en.json
+++ b/custom_components/mikrotik_router/translations/en.json
@@ -10,7 +10,8 @@
 "port": "Port",
 "username": "Username",
 "password": "Password",
- "ssl": "Use SSL"
+ "ssl": "Use SSL",
+ "verify_ssl": "Verify SSL"
 }
 }
 },
@@ -18,6 +19,7 @@
 "name_exists": "Name already exists.",
 "cannot_connect": "Cannot connect to Mikrotik.",
 "ssl_handshake_failure": "SSL handshake failure",
+ "ssl_verify_failure": "Certificate verify failed",
 "connection_timeout": "Mikrotik connection timeout.",
 "wrong_login": "Invalid user name or password."
 }