Make it possible to ignore SSL certificate errors.

[j3pic]

Imply.io uses an SSL certificate that doesn't pass certificate security checks. This PR makes PyDruid compatible with this. Call set_ignore_certificate_errors on the PyDruid object to ignore certificate errors.

This is a fork of #80, because I need basic auth, too.

@gianm I wasn't able to access the CLA. I got this error: https://i.imgur.com/4Hwlf52.png

[gianm]

@j3pic - I just merged #80 so you should be able to base this one off master now. Will do a code review shortly.

[gianm]

Thanks for the contribution @j3pic. I made a couple of suggestions.

In addition - ignoring the cert validity checks makes TLS more or less useless for security, so it'd be nice to also add an option to add additional trusted root certificates rather than disable verification completely. Then the error goes away but security is preserved. In urllib it can be done through SSLContext.load_verify_locations (see https://docs.python.org/2/library/ssl.html).

[gianm]

This should at least be called something like insecure_ssl_context(). The current name is misleading, possibly dangerously so since a caller might not realize the context is insecure.

I think, though, that it'd be even better to have ssl_context() always get called by _post and for it to do something different based on the configuration. Then it would make sense to keep the current name.

[gianm]

If you do the suggestion above, this would just be res = urllib.request.urlopen(req, context=self.ssl_context()) rather than having a conditional.

[gianm]

Fyi - since you said you're using Imply, in that case you can download the root certificate by following the docs at https://docs.imply.io/cloud/deploy/security#downloading-the-root-tls-certificate. If you configure your client to trust that then you should be good to go.

[j3pic]

@gianm #115 replaces this PR.