Allow for custom certificate chains #105
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Makes sense to me, but I will let @Hironsan approve and merge this one. Not sure if they have another approach in mind. |
|
Sure, no problem. I thought about a kwargs approach, but
requests.Session() doesn't accept verify as an argument.
I suppose one could always manually pass the certs to the session created
by DoccanoClient and negate the need for this altogether, though that's
less clean IMO.
Best
Evan Jones
郑恩尉
Website: www.ea-jones.com
…On Thu, Oct 6, 2022 at 10:48 AM houssam7737 ***@***.***> wrote:
Makes sense to me, but I will let @Hironsan <https://github.com/Hironsan>
approve and merge this one. Not sure if they have another approach in mind.
—
Reply to this email directly, view it on GitHub
<#105 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AJ2T6AKJGJLPYYHNF7GK7CLWB3REDANCNFSM6AAAAAAQ5YR3LY>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
When hosting Doccano behind a reverse proxy with encryption (HTTPS), it is possible that the Certificate Authority used to generate the certs is not a recognized actor by openssl (actually, this is quite likely since openssl, by default trusts no one). Under these circumstances, Doccano Client will fail to connect with the server unless the cert chain is added to the client server's list of trusted certs. Adding these certs to all users' machines is cumbersome and is not viable for some less tech savvy users.
Instead, it is much easier to share the cert chain
.pemfile amongst your team and pass this to the request Session's verify argument.I have added a verify argument to other DoccanoClient init function to be passed to the session. It is not as clean as a kwargs approach, but it gets the job done and solves existing issues (#21).