From 77b0b95e74fab488014c3f2a445a426b64d8748f Mon Sep 17 00:00:00 2001
From: Nick Cao
Date: Wed, 26 Mar 2025 11:08:06 -0400
Subject: [PATCH] Use async native way to get server certificate
---
 packages/jumpstarter/jumpstarter/common/grpc.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/packages/jumpstarter/jumpstarter/common/grpc.py b/packages/jumpstarter/jumpstarter/common/grpc.py
index f0b59bc99..8f3a13645 100644
--- a/packages/jumpstarter/jumpstarter/common/grpc.py
+++ b/packages/jumpstarter/jumpstarter/common/grpc.py
@@ -1,3 +1,4 @@
+import asyncio
 import base64
 import os
 import socket
@@ -8,7 +9,6 @@ import grpc
 from anyio import fail_after
-from anyio.to_thread import run_sync
 from jumpstarter.common.exceptions import ConfigurationError, ConnectionError
@@ -24,7 +24,13 @@ async def ssl_channel_credentials(target: str, tls_config, timeout=5):
 try:
 with fail_after(timeout):
- root_certificates = await run_sync(ssl.get_server_certificate, (parsed.hostname, port))
+ ssl_context = ssl.create_default_context()
+ ssl_context.check_hostname = False
+ ssl_context.verify_mode = ssl.CERT_NONE
+ _, writer = await asyncio.open_connection(parsed.hostname, port, ssl=ssl_context)
+ root_certificates = ""
+ for cert in writer.get_extra_info("ssl_object")._sslobj.get_unverified_chain():
+ root_certificates += cert.public_bytes()
 return grpc.ssl_channel_credentials(root_certificates=root_certificates.encode())
 except socket.gaierror as e:
 raise ConnectionError(f"Failed resolving {parsed.hostname}") from e
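Review bot: The connection opened by `asyncio.open_connection` in the third hunk is never closed, so each call leaves a TLS socket open until the writer is garbage-collected; the chain read should sit in a `try`/`finally` that calls `writer.close()` and `await writer.wait_closed()`. The chain is also read through `_sslobj`, a private CPython attribute, and `get_unverified_chain()` on it can return `None` when no chain is available, which would make the `for` loop raise `TypeError`, so guard it with `or []`. Separately, the whole chain is fetched with `check_hostname = False` and `CERT_NONE` and then passed as `root_certificates`, so whichever endpoint answers the first connection becomes the trust anchor for the channel. The condition guarding this path starts outside the hunk (presumably an explicit insecure mode), and a comment stating that this is trust-on-first-use would help the next reader.

```python
# … unchanged: ssl_context setup with verification disabled …
_, writer = await asyncio.open_connection(parsed.hostname, port, ssl=ssl_context)
try:
    ssl_object = writer.get_extra_info("ssl_object")
    # _sslobj is private CPython API; the chain may be None if the peer sent none
    chain = ssl_object._sslobj.get_unverified_chain() or []
    root_certificates = "".join(cert.public_bytes() for cert in chain)
finally:
    writer.close()
    await writer.wait_closed()
# … unchanged: return grpc.ssl_channel_credentials(...) …
```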