Automatisation/browser-cli
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases 5 Wiki Activity

fix: auto-wrap TLS for port 443 in _send_remote
Testing / test (push) Successful in 27s
Details

Browse Source 
Port 443 → ssl.create_default_context().wrap_socket() before the
challenge handshake so Traefik TCP routers with TLS termination work.
Other ports stay plain TCP.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Daniel Dolezal
2026-05-03 11:43:27 +02:00
parent 0d5c49c19a
commit 217641d0ef
1 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
browser_cli/client.py
+15 -3
View File
@@ -242,9 +242,21 @@ def _send_remote(endpoint: str, msg: dict, private_key=None) -> bytes | None:
host, _, port_str = endpoint.rpartition(":") host, _, port_str = endpoint.rpartition(":")
if not host or not port_str: if not host or not port_str:
raise BrowserNotConnected(f"Invalid remote endpoint '{endpoint}': expected host:port") raise BrowserNotConnected(f"Invalid remote endpoint '{endpoint}': expected host:port")
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock: port = int(port_str)
sock.settimeout(30) raw_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((host, int(port_str))) raw_sock.settimeout(30)
try:
raw_sock.connect((host, port))
if port == 443:
import ssl
ctx = ssl.create_default_context()
sock = ctx.wrap_socket(raw_sock, server_hostname=host)
else:
sock = raw_sock
except Exception:
raw_sock.close()
raise
with sock:
# receive challenge # receive challenge
challenge_raw = _recv_all(sock) challenge_raw = _recv_all(sock)