Skip to content

Commit

Permalink
feat: allow ssl_verify config param (#62)
Browse files Browse the repository at this point in the history
  • Loading branch information
@jframos
jframos authored Dec 30, 2020
1 parent 0cc1126 commit 7b77c74
Show file tree
Hide file tree
Showing 2 changed files with 34 additions and 3 deletions.
13 changes: 13 additions & 0 deletions docs/user-guide/configuration.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,3 +99,16 @@ Default: HttpResponse


For more in depth information, see :ref:`response`.

ssl_verify
==========
Default: None (undefined), validate certs (True)

Define if certificates are required for the SSL connection. They will be validated, and
if validation fails, the connection will also fail.

Values: (bool) `True` or `False

This value could also be defined using environment environment variable `SDKLIB_SSL_VERIFY`
::
export SDKLIB_SSL_VERIFY=False
24 changes: 21 additions & 3 deletions sdklib/http/base.py
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
import copy
import urllib3
import ssl
import os

from sdklib.http.renderers import MultiPartRenderer, get_renderer, default_renderer
from sdklib.http.session import Cookie
Expand Down Expand Up @@ -66,7 +68,7 @@ def request_from_context(context):

log_print_request(new_context.method, url, new_context.query_params, new_context.headers, body)
# ensure method and url are native str
r = HttpSdk.get_pool_manager(new_context.proxy).request(
r = HttpSdk.get_pool_manager(new_context.proxy, ssl_verify=new_context.ssl_verify).request(
convert_unicode_to_native_str(new_context.method),
convert_unicode_to_native_str(url),
body=body,
Expand All @@ -91,7 +93,7 @@ class HttpRequestContext(object):
def __init__(self, host=None, proxy=None, method=None, prefix_url_path=None, url_path=None, url_path_params=None,
url_path_format=None, headers=None, query_params=None, body_params=None, files=None, renderer=None,
authentication_instances=None, response_class=None, update_content_type=None, redirect=None,
cookie=None, timeout=None):
cookie=None, timeout=None, ssl_verify=None):
"""
:param host:
Expand All @@ -113,6 +115,8 @@ def __init__(self, host=None, proxy=None, method=None, prefix_url_path=None, url
:param redirect: redirect requests automatically. By default: False
:param cookie:
:param timeout:
:param ssl_verify: (bool) certificates are required for the SSL connection, and will be validated, and
if validation fails, the connection will also fail
"""
self.host = host
self.proxy = proxy
Expand All @@ -132,6 +136,7 @@ def __init__(self, host=None, proxy=None, method=None, prefix_url_path=None, url
self.redirect = redirect
self.cookie = cookie
self.timeout = timeout
self.ssl_verify = ssl_verify

@property
def headers(self):
Expand Down Expand Up @@ -229,6 +234,16 @@ def timeout(self):
def timeout(self, value):
self._timeout = value

@property
def ssl_verify(self):
# If ssl_verify is not defined (None), try to get config from env var SDKLIB_SSL_VERIFY
return self._ssl_verify if self._ssl_verify is not None \
else os.getenv('SDKLIB_SSL_VERIFY', "True").lower() == "true"

@ssl_verify.setter
def ssl_verify(self, value):
self._ssl_verify = value

def clear(self, *args):
"""
Set default values to **self.fields_to_clear**. In addition, it is possible to pass extra fields to clear.
Expand Down Expand Up @@ -331,7 +346,7 @@ def default_headers(self):
return headers

@staticmethod
def get_pool_manager(proxy=None):
def get_pool_manager(proxy=None, ssl_verify=True):
if proxy is not None and proxy.startswith("socks"):
from urllib3.contrib.socks import SOCKSProxyManager
pm = SOCKSProxyManager(
Expand All @@ -346,6 +361,9 @@ def get_pool_manager(proxy=None):
else:
pm = urllib3.PoolManager(
num_pools=10,
# CERT_REQUIRED if ssl_verify is True or None (undefined) << default behaviour
# CERT_NONE only if ssl_verify is False
cert_reqs=ssl.CERT_NONE if ssl_verify is False else ssl.CERT_REQUIRED,
)
return pm

Expand Down

0 comments on commit 7b77c74

Please sign in to comment.