diff --git a/jira/client.py b/jira/client.py index 74404ea4a..251f3003f 100644 --- a/jira/client.py +++ b/jira/client.py @@ -378,8 +378,11 @@ def __init__( * rest_api_version -- the version of the REST resources under rest_path to use. Defaults to ``2``. * agile_rest_path - the REST path to use for Jira Agile requests. Defaults to ``greenhopper`` (old, private API). Check :py:class:`jira.resources.GreenHopperResource` for other supported values. - * verify -- Verify SSL certs. Defaults to ``True``. - * client_cert -- a tuple of (cert,key) for the requests library for client side SSL + * verify (Union[bool, str]) -- Verify SSL certs. Defaults to ``True``. + Or path to to a CA_BUNDLE file or directory with certificates of trusted CAs, + for the `requests` library to use. + * client_cert (Union[str, Tuple[str,str]]) -- Path to file with both cert and key or + a tuple of (cert,key), for the `requests` library to use for client side SSL. * check_update -- Check whether using the newest python-jira library version. * headers -- a dict to update the default headers the session uses for all API requests. @@ -480,7 +483,6 @@ def __init__( self._create_oauth_session(oauth, timeout) elif basic_auth: self._create_http_basic_session(*basic_auth, timeout=timeout) - self._session.headers.update(self._options["headers"]) elif jwt: self._create_jwt_session(jwt, timeout) elif token_auth: @@ -492,12 +494,12 @@ def __init__( # always log in for cookie based auth, as we need a first request to be logged in validate = True else: - verify = bool(self._options["verify"]) self._session = ResilientSession(timeout=timeout) - self._session.verify = verify # Add the client authentication certificate to the request if configured self._add_client_cert_to_session() + # Add the SSL Cert to the request if configured + self._add_ssl_cert_verif_strategy_to_session() self._session.headers.update(self._options["headers"]) @@ -560,7 +562,6 @@ def _create_cookie_auth( ): self._session = ResilientSession(timeout=timeout) self._session.auth = JiraCookieAuth(self._session, self.session, auth) - self._session.verify = bool(self._options["verify"]) def _check_update_(self): """Check if the current version of the library is outdated.""" @@ -3345,15 +3346,12 @@ def _create_http_basic_session( Returns: ResilientSession """ - verify = bool(self._options["verify"]) self._session = ResilientSession(timeout=timeout) - self._session.verify = verify self._session.auth = (username, password) def _create_oauth_session( self, oauth, timeout: Optional[Union[Union[float, int], Tuple[float, float]]] ): - verify = bool(self._options["verify"]) from oauthlib.oauth1 import SIGNATURE_RSA from requests_oauthlib import OAuth1 @@ -3366,7 +3364,6 @@ def _create_oauth_session( resource_owner_secret=oauth["access_token_secret"], ) self._session = ResilientSession(timeout) - self._session.verify = verify self._session.auth = oauth_instance def _create_kerberos_session( @@ -3374,7 +3371,6 @@ def _create_kerberos_session( timeout: Optional[Union[Union[float, int], Tuple[float, float]]], kerberos_options=None, ): - verify = bool(self._options["verify"]) if kerberos_options is None: kerberos_options = {} @@ -3391,18 +3387,32 @@ def _create_kerberos_session( ) self._session = ResilientSession(timeout=timeout) - self._session.verify = verify self._session.auth = HTTPKerberosAuth( mutual_authentication=mutual_authentication ) def _add_client_cert_to_session(self): + """Adds the client certificate to the session. + If configured through the constructor. + + https://docs.python-requests.org/en/master/user/advanced/#client-side-certificates + - str: a single file (containing the private key and the certificate) + - Tuple[str,str] a tuple of both files’ paths """ - Adds the client certificate to the request if configured through the constructor. - """ - client_cert: Tuple[str, str] = self._options["client_cert"] # to help mypy + client_cert: Union[str, Tuple[str, str]] = self._options["client_cert"] self._session.cert = client_cert + def _add_ssl_cert_verif_strategy_to_session(self): + """Adds verification strategy for host SSL certificates. + If configured through the constructor. + + https://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification + - str: Path to a `CA_BUNDLE` file or directory with certificates of trusted CAs. + - bool: True/False + """ + ssl_cert: Union[bool, str] = self._options["verify"] + self._session.verify = ssl_cert + @staticmethod def _timestamp(dt: datetime.timedelta = None): t = datetime.datetime.utcnow() @@ -3428,7 +3438,6 @@ def _create_jwt_session( for f in jwt["payload"].items(): jwt_auth.add_field(f[0], f[1]) self._session = ResilientSession(timeout=timeout) - self._session.verify = bool(self._options["verify"]) self._session.auth = jwt_auth def _create_token_session( @@ -3440,9 +3449,7 @@ def _create_token_session( Creates token-based session. Header structure: "authorization": "Bearer " """ - verify = self._options["verify"] self._session = ResilientSession(timeout=timeout) - self._session.verify = verify self._session.auth = TokenAuth(token_auth) def _set_avatar(self, params, url, avatar):