Skip to content

fix: use the correct SSL config if cert verification is disabled #187

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Jan 24, 2024
Merged

fix: use the correct SSL config if cert verification is disabled #187

merged 9 commits into from
Jan 24, 2024

Conversation

pyrooka
Copy link
Member

@pyrooka pyrooka commented Jan 23, 2024

It turned out, disabling the SSL certificate verification didn't work as expected.
We passed the right arguments to the requests package, but since we use
a custom SSL context, it couldn't turn off the verification entirely, because the
default SSL context has the check_hostname set to True and the documentation
says the following: "verify_mode is now automatically changed to CERT_REQUIRED
when hostname checking is enabled and verify_mode is CERT_NONE."
This commit adds an addition step which disables the hostname checking in our
custom SSL context.

Ref: #186

@pyrooka pyrooka force-pushed the nb/fix-disable-ssl branch from 0c0e0c0 to 7fa94d2 Compare January 23, 2024 18:45
@pyrooka pyrooka self-assigned this Jan 23, 2024
@pyrooka pyrooka requested a review from padamstx January 23, 2024 18:52
padamstx
padamstx reviewed Jan 23, 2024
View reviewed changes
Copy link
Member

@padamstx padamstx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but I have a couple of questions/comments:

  1. Perhaps we should add a negative test that shows that an exception occurs (bad certificate) if SSL verification is NOT disabled.
  2. Perhaps it would be good to document how you created the certificate and key files used during the test. Maybe the test_no_ssl_verification.py file would be a good place for this?

@pyrooka pyrooka marked this pull request as ready for review January 24, 2024 12:02
@pyrooka pyrooka requested a review from padamstx January 24, 2024 12:02
@pyrooka pyrooka force-pushed the nb/fix-disable-ssl branch from a8330c2 to af12ac3 Compare January 24, 2024 12:04
@pyrooka
chore: update .secrets.baseline
fb614b9 
Signed-off-by: Norbert Biczo <[email protected]>
padamstx
padamstx approved these changes Jan 24, 2024
View reviewed changes
Copy link
Member

@padamstx padamstx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

pyrooka
pyrooka commented Jan 24, 2024
View reviewed changes
@pyrooka
chore: fix typo
5855aed 
Signed-off-by: Norbert Biczo <[email protected]>
@pyrooka pyrooka merged commit 7fc172a into main Jan 24, 2024
@pyrooka pyrooka deleted the nb/fix-disable-ssl branch January 24, 2024 17:42
ibm-devx-sdk pushed a commit that referenced this pull request Jan 24, 2024
@semantic-release-bot
chore(release): 3.19.1 release notes
a6e219f 
## [3.19.1](v3.19.0...v3.19.1) (2024-01-24)

### Bug Fixes

* use the correct SSL config if cert verification is disabled ([#187](#187)) ([7fc172a](7fc172a))
@ibm-devx-sdk
Copy link

🎉 This PR is included in version 3.19.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@padamstx padamstx padamstx approved these changes

Assignees

@pyrooka pyrooka

Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pyrooka @ibm-devx-sdk @padamstx