-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ENH][SEC]: CIP-01022024 SSL Verify Client Config #1604
Merged
Merged
Changes from all commits
Commits
Show all changes
9 commits
Select commit
Hold shift + click to select a range
55c6c04
feat: CIP-01022024 SSL Verify Client Config
tazarov 38623cf
docs: Updated the CIP's title and self-signed cert notice
tazarov a19a7e8
docs: Added a note about server-side certs in the CIP
tazarov 43febff
Merge branch 'chroma-core:main' into feature/ssl-verify
tazarov 2e90986
fix: Fixed certificate generation to use subjectAltName as newer SSL …
tazarov d698c46
fix: Skipping SSL tests when doing int tests
tazarov 9d14e7e
fix: Adding some debugging to openssl cert generation
tazarov f0263a0
fix: Fixing SSL config error
tazarov 84cdfa2
docs: Addressed @beggers comments.
tazarov File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
[req] | ||
distinguished_name = req_distinguished_name | ||
x509_extensions = usr_cert | ||
|
||
[req_distinguished_name] | ||
CN = localhost | ||
|
||
[usr_cert] | ||
subjectAltName = @alt_names | ||
|
||
[alt_names] | ||
DNS.1 = localhost |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
# CIP-01022024 SSL Verify Client Config | ||
|
||
## Status | ||
|
||
Current Status: `Under Discussion` | ||
|
||
## Motivation | ||
|
||
The motivation for this change is to enhance security and flexibility in Chroma's client API. Users need the ability to | ||
configure SSL contexts to trust custom CA certificates or self-signed certificates, which is not straightforward with | ||
the current setup. This capability is crucial for organizations that operate their own CA or for developers who need to | ||
test their applications in environments where certificates from a recognized CA are not available or practical. | ||
|
||
The suggested change entails a server-side certificate be available, but this CIP does not prescribe how such | ||
certificate should be configured or obtained. In our testing, we used a self-signed certificate generated with | ||
`openssl` and configured the client to trust the certificate. We also experiment with a SSL-terminated proxy server. | ||
Both of approaches yielded the same results. | ||
|
||
> **IMPORTANT:** It should be noted that we do not recommend or encourage the use of self-signed certificates in | ||
> production environments. | ||
|
||
We also provide a sample notebook that to help the reader run a local Chroma server with a self-signed certificate and | ||
configure the client to trust the certificate. The notebook can be found | ||
in [assets/CIP-01022024-test_self_signed.ipynb](./assets/CIP-01022024-test_self_signed.ipynb). | ||
|
||
## Public Interfaces | ||
|
||
> **Note:** The following changes are only applicable to Chroma HttpClient. | ||
|
||
New settings variable `chroma_server_ssl_verify` accepting either a boolean or a path to a certificate file. If the | ||
value is a path to a certificate file, the file will be used to verify the server's certificate. If the value is a | ||
boolean, the SSL certificate verification can be bypassed (`false`) or enforced (`true`). | ||
|
||
The value is passed as `verify` parameter to `requests.Session` of the `FastAPI` client. See | ||
requests [documentation](https://requests.readthedocs.io/en/latest/user/advanced/#ssl-cert-verification) for | ||
more details. | ||
|
||
Example Usage: | ||
|
||
```python | ||
import chromadb | ||
from chromadb import Settings | ||
client = chromadb.HttpClient(host="localhost",port="8443",ssl=True, settings=Settings(chroma_server_ssl_verify='./servercert.pem')) | ||
# or with boolean | ||
client = chromadb.HttpClient(host="localhost",port="8443",ssl=True, settings=Settings(chroma_server_ssl_verify=False)) | ||
``` | ||
|
||
### Resources | ||
|
||
- https://requests.readthedocs.io/en/latest/api/#requests.request | ||
- https://www.geeksforgeeks.org/ssl-certificate-verification-python-requests/ | ||
|
||
## Proposed Changes | ||
|
||
The proposed changes are mentioned in the public interfaces. | ||
|
||
## Compatibility, Deprecation, and Migration Plan | ||
|
||
The change is not backward compatible from client's perspective as the lack of the feature in prior clients will cause | ||
an error when passing the new settings parameter. Server-side is not affected by this change. | ||
|
||
## Test Plan | ||
|
||
API tests with SSL verification enabled and a self-signed certificate. | ||
|
||
## Rejected Alternatives | ||
|
||
N/A |
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could we specify that this settings variable only matters for clients? And probably document that fact in a comment next to the settings variable itself.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we can go even further and add this to the official docs. Let me quickly have a look to see if it makes sense to add it somewhere.