Make CA Persistent #4935
Make CA Persistent #4935
Conversation
Uses the default cacert (e.g. set via s = requests.Sessions(), s.verify = cacert) when it's not passed in via s.get(url, verify=cacert).
|
By the looks of it, I think the tests aren't passing because the tests expect verify=None (as it would be set in the requests() method should it not be passed into the kwargs from the get()). However, is this the intended behavior desired? Since it's a session, it should be using the self.verify when it isn't explicitly passed into the method. Therefore, under this assumption, wouldn't the tests be testing incorrect behavior since they expect the session's verify to be None as opposed to the session's default (self.verify = True set in the init)? Edit: |
|
I noticed that there is an actual merge_settings function that is used which supposedly performs the behavior I desire. I will have to look into why it doesn't appear to work for me for verify. I'll open an actual issue once I discover it, and update the proposed solution (if one is needed). |
|
thanks! |
|
@kennethreitz Thank you for responding, but it seems this issue was never fixed. I.e., the corresponding issue: #4938 had been closed without any discussion or resolution. Luckily, someone else found the same or related issue in: home-assistant-ecosystem/home-assistant-cli#184 (comment) |
|
@kennethreitz OK, re-merged with master, however, the CI fails on 2.7 since super() is expecting an argument despite the fact that the present code in master seems to be making use of Python 3.X super(). Since all the other builds pass, I presume my code change to not be the source of the issue--in particular since I've not modified anything in regards super. |
|
Actually, it seems this should have worked at some point considering it was 7 years ago that: Line 629 in 5bd6009 Line 527 in 5bd6009 verify wasn't in the call to request(...) would result in it not being in the call to send(...) consequently, it would use the default value.
In light of this I will state that my current PR just has the .get() fixed, however, these fixes of adding .setdefault() of the verify everywhere is more so a hack fix in light of this new info. The true fix would be to either ensure we don't perform additional magic regarding the passed in value and the default value between the When I get the chance, I'll git rebase this branch and attempt that approach. The issue of Python 2.7 super() though still remains a separate issue though, I believe. |
This reverts commit dc35933.
|
Closing in favor of: #5172 |
Was trying to get docker-py working with a remote host, i.e. using a key.pem, cert.pem, and ca.pem. Had SSL issues. Ultimately figured out that it was due to the APIClient being derived from requests.sessions. In particular, even if verify is set for the session, it will not actually be used since the kwargs for the get() are directly passed into the request() method (which defaults verify to None).
As additional info., curling worked when passing the cert.pem, ca.pem, and key.pem, requests worked when merely using requests.get(url, cert=(cert, key), verify=ca), and sessions worked as long as verify was always passed into the get() method, i.e. s.get(url, verify=ca, ...)