Refactored SSL Handling #73
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Users have been reporting issues with their SSL certificates failing to verify. After research we have found that some packages are handled differently now with 3.10 vs 3.9 python versions. This makes a need for how we were handling things before for users to install an extra python package which is not suitable for them. Which is also why it was not caught in testing as we have these packages installed already in our environments.
We are now importing the certifi package and using that to grab the SSL root certificate paths to pass approrpiately to verify against root certs.
I have changed the way we are handling the HTTP/HTTPS connections for the RPC client because it is also handled in the bitcoin json rpc library we are using causing some confusion with our use of
self.httpConnectionand then AuthServiceProxy having similar check in its init function.Lastly, when testing after this I had some crashing from the response time calculation for trying to add a 'None' type by a float value, and so incase of 'None' we now set it to a default float value of 0.0 to resolve this.