Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use system CA certs for SSL connections #14

Closed
emanspeaks opened this issue May 22, 2020 · 3 comments
Closed

Use system CA certs for SSL connections #14

emanspeaks opened this issue May 22, 2020 · 3 comments

Comments

@emanspeaks
Copy link

emanspeaks commented May 22, 2020
edited

My office's GitLab server uses an SSL cert that Python out of the box doesn't seem to like. After much searching, I came across a solution that I was able to splice in and make Gitlabber finally work. I'm mostly writing an issue now as a braindump and at some point I can try to create a PR from my personal laptop.

...

# see https://stackoverflow.com/a/50215614
import requests
from requests.adapters import HTTPAdapter
# from requests.packages.urllib3.util.ssl_ import create_urllib3_context
from ssl import create_default_context

class SSLContextAdapter(HTTPAdapter):
    def init_poolmanager(self, *args, **kwargs):
        context = create_default_context()  # create_urllib3_context()
        kwargs['ssl_context'] = context
        context.load_default_certs() # this loads the OS defaults on Windows
        return super(SSLContextAdapter, self).init_poolmanager(*args, **kwargs)


def get_system_cert_context(url):
    s = requests.Session()
    adapter = SSLContextAdapter()
    s.mount(url, adapter)
    s.get(url)
    return s


class GitlabTree:

    def __init__(self, url, token, method, includes=[], excludes=[], in_file=None, concurrency=1, disable_progress=False):
        self.includes = includes
        self.excludes = excludes
        self.url = url
        self.root = Node("", root_path="", url=url)

        self.gitlab = Gitlab(url, private_token=token,
                             session=get_system_cert_context(url))

...
@alaczyz
Copy link

alaczyz commented Jun 14, 2020

Hi,
@emanspeaks
I have the same issue and your code solves it. Can you create PR?
Best regards,
Ala

@heltewig-fisp
Copy link

Hi, I second that PR.
Same problem here, self-signed corporate CA.
Unfortunately, I have no clue where to start modding my local installation of gitlabber...

Best regards,
Sebastian

@gargoylexxx
Copy link

Just to share here, am using self-signed corporate CA too. Since i am lazy to grab CA cert from network and security team, i just modify a bit on the local gitlabber code instead to skip all SSL verification.

Edit in the local library file "gitlab-tree.py", and add ssl_verify=False to the Gitlab object

self.gitlab = Gitlab(url, private_token=token, ssl_verify=False)

This is an insecure method.

joubin pushed a commit to joubin/gitlabber that referenced this issue Jan 4, 2021
Fixed issue ezbz#14 by getting the system CA PATH
d6f62c2
@joubin joubin mentioned this issue Jan 4, 2021
Merged
ezbz pushed a commit that referenced this issue Feb 21, 2021
@joubin
Fixed issue #14 by getting the system CA PATH (#35)
3a5fe79 
* Fixed issue #14 by getting the system CA PATH

* Added missing dependency from requirments

* Fixed typo

* Added tests and CURL CA PATH

Co-authored-by: Joubin Jabbari <joubin@jabbari.io>
@ezbz ezbz closed this as completed Feb 21, 2021
@ezbz ezbz mentioned this issue Apr 7, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ezbz @alaczyz @emanspeaks @gargoylexxx @heltewig-fisp