-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixed: ssl conditions in http.py #17
Conversation
…verify to false if verify_ssl is not true.
sqlalchemy_solr/http.py
Outdated
@@ -90,6 +89,13 @@ def create_connect_args(self, url, **kwargs): | |||
|
|||
# Prepare a session with proper authorization handling. | |||
session = Session() | |||
#session.verify property which is bydefault true so Handled here | |||
session.verify = False |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Two points here:
- I would suggest keeping
session.verify
to the defaultTrue
and the parameter can alter that to 'False`, i.e.:
if "verify_ssl" in url.query and url.query["verify_ssl"] in [False, "False", "false"]:
session.verify = False
...
- According to the Requests documentation, there are two different session attributes:
verify
which is aboolean
andcert
which represents the path to the SSL client certificate. By contrast, onlyrequest
method acceptsverify
parameter as either aboolean
orstring
path to CA bundle. How does that apply to the logic below?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
According to the [Requests documentation](https://requests.readthedocs.io/en/latest/api), there are two different session attributes: [verify](https://requests.readthedocs.io/en/latest/api/?highlight=verify#requests.Session.verify) which is a boolean and [cert](https://requests.readthedocs.io/en/latest/api/?highlight=verify#requests.Session.cert) which represents the path to the SSL client certificate. By contrast, only request method accepts verify parameter as either a boolean or string path to CA bundle. How does that apply to the logic below?
Actually here I have refered below condition in _solrdbapi.py : I think then should we have to change this also?
if verify_ssl is False:
session.verify = False
else:
if ca_certs is not None:
session.verify = ca_certs
else:
session.verify = True
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would suggest keeping session.verify to the default True and the parameter can alter that to 'False`, i.e.:
if "verify_ssl" in url.query and url.query["verify_ssl"] in [False, "False", "false"]:
session.verify = False
Are you intending to enforce certificate verification by default unless the client explicitly sets verify_ssl
to False?
…tly sets 'verify_ssl' to False.
@aadell, Thank you. |
Hi @rohitpawar2811 LGTM. thank you for your contribution! |
Thanks, @aadel, for your support. I'm curious about when these changes will be available in the next release. Could you please provide the expected release date? Also, could you share your LinkedIn ID? I'd like to add you to my connections. It's been great to connect with you. |
Thanks! |
Okay thanks for info. https://www.linkedin.com/in/rohitpawar2811/ : connect me |
Previously, when SSL was enabled, self.proto was not set, causing issues with functions like get_table_names, and get_columns.
@aadel