-
Notifications
You must be signed in to change notification settings - Fork 882
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Schema Registry client and SSL #90
Comments
@roopahc @criccomini Any thoughts on this? I'm a bit skeptical of exposing implementation details like the use of |
Agree on not wanting to expose |
@dodysw Can you help us identify exactly what parameters are needed? Is certs= and verify= enough? I would prefer to see this added as config dict properties rather than constructor args. |
For python requests, those are pretty much what needed. It looks like this:
Client private key pem file must be unencrypted so it doesn't take a password. Added: |
Okay, cool. What about the following new config properties:
This is in line with existing SSL config properties for Kafka. |
Close, I think |
@ewencp Should be possible since we are hitting rest end points after all. We can take them as argument to AvroProducer, AvroConsumer classes |
Commenting to say that I would very much be interested in being able to turn off server certificate verification when using Schema Registry over HTTPS. |
Am I correct in reading thru this, that there is no current way to use this library with a schema registry over HTTPS? @rnpridgeon I notice you self assigned this issue to yourself. Are you currently working on adding this functionality? |
So I'm realizing now that my issue is different from @dodysw. I don't need to do client cert authentication, just need to verify the server's cert. And there's a way to handle that. My solution, for anyone else searching for something similar, was to set the It's a single line, easily missed, in the
Full docs here: http://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification |
fixed with #408 |
producer: Make events channel size configurable
Would it be possible to enhance the new AvroConsumer/AvroProducer/CachedSchemaRegistryClient to optionally accept certs related parameters so we can connect to Schema Registry on SSL channel that requires client certificate authentication. Or possibly accept a requests.Session() object (I think we can put a persistent certificate parameter to session object)
The text was updated successfully, but these errors were encountered: