reverted some changes

cartertinney · cartertinney · commit a658a99293e9 · 2024-07-17T08:10:04.000-07:00
diff --git a/azure-iot-device/azure/iot/device/common/http_transport.py b/azure-iot-device/azure/iot/device/common/http_transport.py
@@ -69,8 +69,7 @@ def _create_ssl_context(self):
         This method creates the SSLContext object used to authenticate the connection. The generated context is used by the http_client and is necessary when authenticating using a self-signed X509 cert or trusted X509 cert
         """
         logger.debug("creating a SSL context")
-        # Note that PROTOCOL_TLS_CLIENT implies ssl.CERT_REQUIRED and check_hostname == true
-        ssl_context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS_CLIENT)
+        ssl_context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLSv1_2)
 
         if self._server_verification_cert:
             ssl_context.load_verify_locations(cadata=self._server_verification_cert)
@@ -92,6 +91,9 @@ def _create_ssl_context(self):
                 self._x509_cert.pass_phrase,
             )
 
+        ssl_context.verify_mode = ssl.CERT_REQUIRED
+        ssl_context.check_hostname = True
+
         return ssl_context
 
     @pipeline_thread.invoke_on_http_thread_nowait
diff --git a/azure-iot-device/azure/iot/device/common/mqtt_transport.py b/azure-iot-device/azure/iot/device/common/mqtt_transport.py
@@ -321,8 +321,7 @@ def _create_ssl_context(self):
         This method creates the SSLContext object used by Paho to authenticate the connection.
         """
         logger.debug("creating a SSL context")
-        # Note that PROTOCOL_TLS_CLIENT implies ssl.CERT_REQUIRED and check_hostname == true
-        ssl_context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS_CLIENT)
+        ssl_context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLSv1_2)
 
         if self._server_verification_cert:
             logger.debug("configuring SSL context with custom server verification cert")
@@ -347,6 +346,9 @@ def _create_ssl_context(self):
                 self._x509_cert.pass_phrase,
             )
 
+        ssl_context.verify_mode = ssl.CERT_REQUIRED
+        ssl_context.check_hostname = True
+
         return ssl_context
 
     def shutdown(self):
diff --git a/tests/e2e/iothub_e2e/sync/conftest.py b/tests/e2e/iothub_e2e/sync/conftest.py
@@ -20,7 +20,7 @@ def brand_new_client(device_identity, client_kwargs, service_helper, device_id,
     # Keep this here.  It is useful to see this info inside the inside devops pipeline test failures.
     logger.info(
         "Connecting device_id={}, module_id={}, to hub={} at {} (UTC)".format(
-            device_id, module_id, test_env.IOTHUB_HOSTNAME, datetime.datetime.now(datetime.UTC)
+            device_id, module_id, test_env.IOTHUB_HOSTNAME, datetime.datetime.utcnow()
         )
     )
 
diff --git a/tests/unit/common/test_http_transport.py b/tests/unit/common/test_http_transport.py
@@ -100,13 +100,14 @@ def test_proxy_format(self, proxy_options):
     )
     def test_configures_tls_context(self, mocker):
         mock_ssl_context_constructor = mocker.patch.object(ssl, "SSLContext")
+        mock_ssl_context = mock_ssl_context_constructor.return_value
 
         HTTPTransport(hostname=fake_hostname)
         # Verify correctness of TLS/SSL Context
         assert mock_ssl_context_constructor.call_count == 1
-        assert mock_ssl_context_constructor.call_args == mocker.call(
-            protocol=ssl.PROTOCOL_TLS_CLIENT
-        )
+        assert mock_ssl_context_constructor.call_args == mocker.call(protocol=ssl.PROTOCOL_TLSv1_2)
+        assert mock_ssl_context.check_hostname is True
+        assert mock_ssl_context.verify_mode == ssl.CERT_REQUIRED
 
     @pytest.mark.it(
         "Configures TLS/SSL context using default certificates if protocol wrapper not instantiated with a server verification certificate"
diff --git a/tests/unit/common/test_mqtt_transport.py b/tests/unit/common/test_mqtt_transport.py
@@ -267,9 +267,9 @@ def test_configures_tls_context(self, mocker):
 
         # Verify correctness of TLS/SSL Context
         assert mock_ssl_context_constructor.call_count == 1
-        assert mock_ssl_context_constructor.call_args == mocker.call(
-            protocol=ssl.PROTOCOL_TLS_CLIENT
-        )
+        assert mock_ssl_context_constructor.call_args == mocker.call(protocol=ssl.PROTOCOL_TLSv1_2)
+        assert mock_ssl_context.check_hostname is True
+        assert mock_ssl_context.verify_mode == ssl.CERT_REQUIRED
 
         # Verify context has been set
         assert mock_mqtt_client.tls_set_context.call_count == 1

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@ def brand_new_client(device_identity, client_kwargs, service_helper, device_id,`
`20`	`20`	`# Keep this here. It is useful to see this info inside the inside devops pipeline test failures.`
`21`	`21`	`logger.info(`
`22`	`22`	`"Connecting device_id={}, module_id={}, to hub={} at {} (UTC)".format(`
`23`		`- device_id, module_id, test_env.IOTHUB_HOSTNAME, datetime.datetime.now(datetime.UTC)`
	`23`	`+ device_id, module_id, test_env.IOTHUB_HOSTNAME, datetime.datetime.utcnow()`
`24`	`24`	`)`
`25`	`25`	`)`
`26`	`26`