deepblue/mikrocata2selks
1
0
Fork 0
mirror of https://github.com/angolo40/mikrocata2selks.git synced 2025-05-12 08:27:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update mikrocata.py

Browse Source 
fix certificate issue
This commit is contained in:
Giuseppe 2025-01-10 09:06:05 +01:00 committed by GitHub
parent 64288136ee
commit daa7c83304
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 28 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
mikrocata.py
View File

@ -22,7 +22,8 @@ USERNAME = "mikrocata2selks"
PASSWORD = "password" PASSWORD = "password"
ROUTER_IP = "192.168.0.1" ROUTER_IP = "192.168.0.1"
TIMEOUT = "1d" TIMEOUT = "1d"
PORT = 8729 # api-ssl port USE_SSL = False # Set to True to use SSL connection
PORT = 8728 # Default port for non-SSL connection. Will use 8729 if USE_SSL is True
BLOCK_LIST_NAME = "Suricata" BLOCK_LIST_NAME = "Suricata"
#Set Telegram information #Set Telegram information
@ -280,28 +281,38 @@ def check_tik_uptime(resources):
def connect_to_tik(): def connect_to_tik():
global api global api
ctx = ssl.create_default_context()
ctx.set_ciphers('DEFAULT@SECLEVEL=1')
#set 2 to more secure ciphers protocol
#ctx.set_ciphers('DEFAULT@SECLEVEL=2')
if ALLOW_SELF_SIGNED_CERTS: # Determine which port to use
# WARNING: These settings bypass certificate verification and should only be used actual_port = 8729 if USE_SSL else 8728
# with self-signed certificates in trusted environments
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
else:
# Default secure settings - requires valid certificates
ctx.check_hostname = True
ctx.verify_mode = ssl.CERT_REQUIRED
while True: while True:
try: try:
api = connect(username=USERNAME, password=PASSWORD, host=ROUTER_IP, if USE_SSL:
ssl_wrapper=ctx.wrap_socket, port=PORT) # SSL connection setup
if ALLOW_SELF_SIGNED_CERTS:
# Settings for self-signed certificates
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
ctx.set_ciphers('DEFAULT@SECLEVEL=0')
else:
# Settings for valid certificates
ctx = ssl.create_default_context()
ctx.check_hostname = True
ctx.verify_mode = ssl.CERT_REQUIRED
ctx.set_ciphers('DEFAULT@SECLEVEL=2')
# Connect with SSL
api = connect(username=USERNAME, password=PASSWORD, host=ROUTER_IP,
ssl_wrapper=ctx.wrap_socket, port=actual_port)
else:
# Plain connection without SSL
api = connect(username=USERNAME, password=PASSWORD, host=ROUTER_IP,
port=actual_port)
print(f"[Mikrocata] Connected to Mikrotik") print(f"[Mikrocata] Connected to Mikrotik")
break break
except librouteros.exceptions.TrapError as e: except librouteros.exceptions.TrapError as e:
if "invalid user name or password" in str(e): if "invalid user name or password" in str(e):
print("[Mikrocata] Invalid username or password.") print("[Mikrocata] Invalid username or password.")