Problem/Solution: JSONRPC over HTTPS with self-signed certs #6

Closed
davidmcnabnz opened this issue Nov 25, 2020 · 2 comments
@davidmcnabnz

The aiohttp-rpc framework is great, but doesn't seem to provide an easy way to support self-signed certs and sessions (or user-provided SSLContext objects, or user-provided CA bundle files).

To do this, I've needed to subclass off JsonRpcClient, to:

  • accept a constructor arg to provide custom SSL info
  • override .connect() to use a subclass of aiohttp.ClientSession
  • override .call() to capture session key after successful login

Also, subclass aiohttp.ClientSession to:

  • override .post() to inject ssl keyword (for user-provided custom SSL info), plus session key header

With these mods, I can now use self-signed certs on the server and validate them in the client with an SSLContext based on the server's CA public key.

This is working, but it took me a fair effort to get it solid. I'd recommend allowing for a constructor arg for aiohttp_rpc.JsonRpcServer to allow users to provide their own SSL objects, to cover for cases of private connections with self-signed certs.

I'm happy to rework the company-proprietary code I did for this and send in proof of concept if needed.

Cheers
David

@expert-m
Owner

Hi, David! Thanks for the comment.

JsonRpcClient can take arguments for requests in the constructor.

```python
class JsonRpcClient(BaseJsonRpcClient):
    def __init__(self,
                 url: str, *,
                 session: typing.Optional[aiohttp.ClientSession] = None,
                 **request_kwargs) -> None:
        ...
```

And you can provide additional arguments. For example:

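```python
import ssl
import aiohttp_rpc

# Trust only the given CA bundle and present a client certificate.
sslcontext = ssl.create_default_context(cafile='/path/to/ca-bundle.crt')
sslcontext.load_cert_chain('/path/to/client/public/device.pem', '/path/to/client/private/device.key')

# Inside a coroutine; an https:// URL is needed for the ssl argument to take effect.
async with aiohttp_rpc.JsonRpcClient('https://0.0.0.0:8080/rpc', ssl=sslcontext) as rpc:
    ...
```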

Unfortunately, this is not described in the documentation.
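
The following is an added example, not part of the thread and not aiohttp-rpc code: a standard-library check that a value about to be passed as `ssl=` still verifies the server, since the usual shortcut for self-signed certificates is to switch verification off. The function names `make_private_ca_context` and `audit_ssl_argument` and the finding strings are hypothetical.

```python
import ssl

VERIFY_OFF = "certificate verification is disabled"
HOSTNAME_OFF = "hostname checking is disabled"
OLD_TLS = "protocol versions below TLS 1.2 are allowed"
NO_ANCHOR = "no CA certificate is loaded, every server will be rejected"


def make_private_ca_context(cafile=None, cadata=None):
    """Client context that trusts only the given private CA, not the system roots."""
    # PROTOCOL_TLS_CLIENT starts with CERT_REQUIRED and check_hostname=True.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cafile or cadata:
        ctx.load_verify_locations(cafile=cafile, cadata=cadata)
    return ctx


def audit_ssl_argument(value):
    """List weaknesses in a value about to be passed as the client's ssl= keyword."""
    if value is False:  # aiohttp treats ssl=False as "skip verification"
        return [VERIFY_OFF]
    if not isinstance(value, ssl.SSLContext):
        return []  # e.g. None: default verification against the system store
    findings = []
    if value.verify_mode != ssl.CERT_REQUIRED:
        findings.append(VERIFY_OFF)
    if not value.check_hostname:
        findings.append(HOSTNAME_OFF)
    if value.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(OLD_TLS)
    # Certificates from a capath directory load lazily and are not counted here.
    if value.verify_mode == ssl.CERT_REQUIRED and value.cert_store_stats()["x509_ca"] == 0:
        findings.append(NO_ANCHOR)
    return findings


if __name__ == "__main__":
    strict = make_private_ca_context()  # pass cafile=<path to your CA PEM> in real use
    weak = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # constructed "workaround" context
    weak.check_hostname = False
    weak.verify_mode = ssl.CERT_NONE
    for name, arg in [("strict", strict), ("weak", weak), ("ssl=False", False)]:
        print(name, "->", audit_ssl_argument(arg))
```
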

@expert-m
Owner

expert-m commented Dec 4, 2020

I'm closing this issue. You can write questions here or create a new issue if you have any.

@expert-m expert-m closed this as completed Dec 4, 2020