Added support for specifying the ca-certificates.crt file #379

Closed
wants to merge 5 commits into from

3 participants

@ovidiucp

Added support for specifying the location of the ca-certificates.crt file.

To specify the location, use the configure() method before making any
async HTTP calls, like this:

  from tornado.httpclient import AsyncHTTPClient
  AsyncHTTPClient.configure("tornado.simple_httpclient.SimpleAsyncHTTPClient",
                            ca_certs='/path/to/ca-certificates.crt')

The file can be found in the tornado/ directory inside the source tree
distribution.

@ovidiucp ovidiucp Added support for specifying the location of the ca-certificates.crt file.
162cb8f
@bdarnell
Owner

This is part of a more general need to configure some of the HTTPRequest settings globally (proxy and ipv6 settings also make the most sense as globals). I'd rather be able to pass in a dictionary of default request settings to AsyncHTTPClient() rather than list each one explicitly. The tricky part is how exactly it would work - it would get pretty ugly (and/or magical) to let every HTTPRequest field read its default value from the AsyncHTTPClient, but it's also unpleasant to enumerate a short list of fields that can be set like this while the rest can't.

@ovidiucp

I see what you mean.

How about a scheme where there is a dictionary of settings (ca_certs, proxy, ipv6, redirects settings, timeouts, etc) that sets the defaults for all AsyncHTTPClient requests, and in addition these settings can be modified on a per-request basis? We can have a common method that looks up these settings first in the request and, if not present, in the global dictionary. The only problem I see is the number of lookups done for each request; I'm not sure whether this is the ugly part you're referring to.

Let me know if this sounds good, I can go ahead and do it.

@bdarnell
Owner

Yeah, I think that's the right way to do it. It's just a little ugly since you have to go through this new method (and pass names as strings, etc) all the time instead of referring to the request attributes directly.

@conorbranagan

I've run into this same bug when packaging up tornado into an exe with py2exe. It's looking for the cert file from the base path to the exe, so I end up looking for it at C:\path\to\program.exe\tornado/ca-certificates.crt. I'd love to see this get into the mainline if the final version ever gets implemented.
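
The lookup order discussed in this thread (per-request value, then client-wide defaults, then the bundled file), as an added sketch that is not Tornado's code or part of this pull request; `RequestSettings`, `lookup`, `resolve_ssl_options` and `BUNDLED_CA_CERTS` are hypothetical names. It also fails closed when the resolved CA file is missing, the situation described for the py2exe build.

```python
import os

# Hypothetical stand-in for the path of the CA file shipped with the library.
# In a frozen executable this computed path may not exist on disk.
BUNDLED_CA_CERTS = os.path.join("nonexistent-dir-for-example",
                                "ca-certificates.crt")


class RequestSettings(object):
    """Per-request overrides; a value of None means 'not set on the request'."""

    def __init__(self, **overrides):
        self.overrides = overrides


def lookup(name, request, client_defaults, library_defaults):
    """Return the first non-None value: request, then client, then library."""
    for layer in (request.overrides, client_defaults, library_defaults):
        value = layer.get(name)
        if value is not None:
            return value
    return None


def resolve_ssl_options(request, client_defaults):
    """Pick the CA file for one request and refuse to go on without it."""
    library_defaults = {"ca_certs": BUNDLED_CA_CERTS}
    ca_certs = lookup("ca_certs", request, client_defaults, library_defaults)
    if not os.path.isfile(ca_certs):
        # Fail before connecting rather than handing the TLS layer a bad path.
        raise IOError("CA bundle not found: %r" % (ca_certs,))
    return {"ca_certs": ca_certs}
```
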

@ovidiucp ovidiucp Merge remote-tracking branch 'upstream/master'
Conflicts:
	tornado/simple_httpclient.py
b4aea94
@bdarnell bdarnell closed this in 1a5b337
Commits on Oct 8, 2011
  1. @ovidiucp

    Added support for specifying the location of the ca-certificates.crt file.

    ovidiucp authored
Commits on Dec 9, 2011
  1. @ovidiucp

    Merge remote-tracking branch 'upstream/master'

    ovidiucp authored
    Conflicts:
    	tornado/simple_httpclient.py
  2. @ovidiucp
Commits on Jun 15, 2012
  1. @ovidiucp
Commits on Nov 5, 2012
  1. @ovidiucp

    Merge remote-tracking branch 'upstream/master'

    ovidiucp authored
    Conflicts:
    	tornado/simple_httpclient.py
Showing with 8 additions and 4 deletions.
  1. +8 −4 tornado/simple_httpclient.py
12 tornado/simple_httpclient.py
@@ -62,8 +62,9 @@ class SimpleAsyncHTTPClient(AsyncHTTPClient):
"""
def initialize(self, io_loop=None, max_clients=10,
+ max_simultaneous_connections=None,
hostname_mapping=None, max_buffer_size=104857600,
- resolver=None):
+ ca_certs=_DEFAULT_CA_CERTS, resolver=None):
"""Creates a AsyncHTTPClient.
Only a single AsyncHTTPClient instance exists per IOLoop
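Review bot: `max_simultaneous_connections=None` in the `initialize` signature is not used by any hunk in this diff and looks unrelated to the CA-file change; drop it from this patch or explain it in the description. Also, `ca_certs` is inserted ahead of `resolver`, so a caller passing `resolver` positionally would now bind it to `ca_certs`; append the new parameter after `resolver` instead, and describe it in the docstring next to the other arguments.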
@@ -89,6 +90,7 @@ def initialize(self, io_loop=None, max_clients=10,
self.active = {}
self.hostname_mapping = hostname_mapping
self.max_buffer_size = max_buffer_size
+ self.ca_certs = ca_certs
self.resolver = resolver or Resolver(io_loop=io_loop)
def fetch(self, request, callback, **kwargs):
@@ -115,7 +117,8 @@ def _process_queue(self):
_HTTPConnection(self.io_loop, self, request,
functools.partial(self._release_fetch, key),
callback,
- self.max_buffer_size)
+ self.max_buffer_size,
+ self.ca_certs)
def _release_fetch(self, key):
del self.active[key]
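Review bot: `self.ca_certs` is passed to `_HTTPConnection` positionally after `self.max_buffer_size`, while the constructor declares it as an optional keyword (`ca_certs=None`). Pass it as `ca_certs=self.ca_certs` so the call stays correct if another parameter is later added before it.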
@@ -126,7 +129,7 @@ class _HTTPConnection(object):
_SUPPORTED_METHODS = set(["GET", "HEAD", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"])
def __init__(self, io_loop, client, request, release_callback,
- final_callback, max_buffer_size):
+ final_callback, max_buffer_size, ca_certs=None):
self.start_time = io_loop.time()
self.io_loop = io_loop
self.client = client
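Review bot: the default in `_HTTPConnection.__init__` is `ca_certs=None`, but `initialize` defaults to `_DEFAULT_CA_CERTS`. Any construction that omits the argument gets a connection with no CA file where the old code used the bundled one. Use `_DEFAULT_CA_CERTS` as the default here as well, or make the parameter required, since the call site in `_process_queue` always supplies it.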
@@ -138,6 +141,7 @@ def __init__(self, io_loop, client, request, release_callback,
self.headers = None
self.chunks = None
self._decompressor = None
+ self.ca_certs = ca_certs
# Timeout handle returned by IOLoop.add_timeout
self._timeout = None
with stack_context.StackContext(self.cleanup):
@@ -188,7 +192,7 @@ def _on_resolve(self, future):
if self.request.ca_certs is not None:
ssl_options["ca_certs"] = self.request.ca_certs
else:
- ssl_options["ca_certs"] = _DEFAULT_CA_CERTS
+ ssl_options["ca_certs"] = self.ca_certs
if self.request.client_key is not None:
ssl_options["keyfile"] = self.request.client_key
if self.request.client_cert is not None:
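Review bot: the `else` branch in `_on_resolve` was the one place that always supplied `_DEFAULT_CA_CERTS`, and it now writes `self.ca_certs` into `ssl_options["ca_certs"]` unchecked. If that value is `None` (for example `ca_certs=None` passed through `configure()`), `ssl_options["ca_certs"]` ends up `None`. Fall back explicitly, e.g. `self.ca_certs if self.ca_certs is not None else _DEFAULT_CA_CERTS`, and add a test that covers the request value taking precedence over the client value.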