Setting the AZURE_CLI_DISABLE_CONNECTION_VERIFICATION does not have any effect for SSL verification #9001
Labels
Core
CLI core infrastructure
needs-triage
This is a new issue that needs to be triaged to the appropriate team.
Milestone
Describe the bug
Setting the AZURE_CLI_DISABLE_CONNECTION_VERIFICATION does not have any effect. SSL verification still takes place when running Azure CLI commands.
To Reproduce
When sitting behind an SSL intercepting Proxy, the Azure CLI fails for certain commands with errors like:
Error occurred in request., SSLError: HTTPSConnectionPool(host='xxxxxx.vault.azure.net', port=443): Max retries exceeded with url: /secrets?api-version=7.0 (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))
Setting the AZURE_CLI_DISABLE_CONNECTION_VERIFICATION to any value causes the
should_disable_connection_verify
in the method fromazure.cli.core.util
to return True, as expected:However, the Verify flag in the requests is still set to True, so the environment variable is not working as expected.
A possible temporal workaround is to modify the sessions.py file within the requests package, and set the Verify parameter to False in the merge_environment_settings method:
Expected behavior
Setting the AZURE_CLI_DISABLE_CONNECTION_VERIFICATION to any value should disable SSL verification with Azure CLI.
Environment summary
The problem has been verified in both Windows 10 and also bash within Windows 10, running:
In Windows 10:
Azure CLI 2.0.61 and Python 3.7.3
In Bash within Windows 10
Azure CLI 2.0.60 and Python 3.6.7
The text was updated successfully, but these errors were encountered: