You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
aiohttp-rpc framework is great, but doesn't seem to provide easy way to support self-signed certs and sessions (or user-provided SSLContext objects, or user provided CA bundle files).
To do this, I've needed to subclass off JsonRpcClient, to:
accept a constructor arg to provide custom SSL info
override .connect() to use a subclass of aiohttp.ClientSession
override .call() to capture session key after successful login
Also, subclass aiohttp.ClientSession to:
override .post() to inject ssl keyword (for user-provided custom SSL info), plus session key header
With these mods, I can now use self-signed certs on the server and validate them in the client with an SSLContext based on the server's CA public key
This is working, but it took me a fair effort to get it solid. I'd recommend allowing for a constructor arg for aiohttp_rpc.JsonRpcServer to allow users to provide their own SSL objects, to cover for cases of private connections with self-signed certs.
I'm happy to rework the company-proprietary code I did for this and send in proof of concept if needed.
Cheers
David
The text was updated successfully, but these errors were encountered:
aiohttp-rpc framework is great, but doesn't seem to provide easy way to support self-signed certs and sessions (or user-provided SSLContext objects, or user provided CA bundle files).
To do this, I've needed to subclass off JsonRpcClient, to:
Also, subclass aiohttp.ClientSession to:
With these mods, I can now use self-signed certs on the server and validate them in the client with an SSLContext based on the server's CA public key
This is working, but it took me a fair effort to get it solid. I'd recommend allowing for a constructor arg for aiohttp_rpc.JsonRpcServer to allow users to provide their own SSL objects, to cover for cases of private connections with self-signed certs.
I'm happy to rework the company-proprietary code I did for this and send in proof of concept if needed.
Cheers
David
The text was updated successfully, but these errors were encountered: