infobloxopen/infoblox-client

Support custom CA bundles for certificate validation

Closed this issue · 2 comments

The requests library supports True, False or a string value for the verify parameter in HTTPS requests, or the Session object: https://requests.readthedocs.io/en/latest/user/advanced/#ssl-cert-verification

With the way the ssl_verify connection parameter is processed in the infoblox-client module, it's not possible to pass a bundle path. Only stringified boolean values are supported.

Due to this limitation, it's only possible to support custom CA bundles through the REQUESTS_CA_BUNDLE environment variable, which will affect all HTTPS requests made with the requests module. This can be a problem in cases where different CA certificates must be used for certificate validation in an application that interacts with different systems.

I've solved this issue by assigning the CA bundle directly to the session object:

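        from infoblox_client import connector
        conn = connector.Connector({"host": host, "username": username, "password": password})
        # Per-session CA bundle: only this connector's requests session is affected
        conn.session.verify = ca_bundle_file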

But this seems a bit hackish. It would be better if the connector constructor supported this out of the box, by accepting a boolean or a string for the ssl_verify parameter.
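A sketch of the handling the issue asks for, added here as an example and not taken from infoblox-client: `normalize_ssl_verify` and `apply_to_session` are hypothetical names. It accepts a boolean, a stringified boolean or a CA bundle path, and raises on anything else instead of falling back to disabled validation.

```python
import os

# Boolean spellings accepted for ssl_verify (assumed set, chosen for this example).
_TRUE = {"true", "yes", "on", "1"}
_FALSE = {"false", "no", "off", "0"}


def normalize_ssl_verify(value):
    """Map an ssl_verify setting to a value requests accepts for `verify`.

    Returns True, False, or a path to a CA bundle file or CA directory.
    Unrecognised input raises rather than silently disabling validation.
    """
    if isinstance(value, bool):
        return value
    if not isinstance(value, str) or not value.strip():
        raise ValueError("ssl_verify must be a bool, a boolean string or a path")
    text = value.strip()
    if text.lower() in _TRUE:
        return True
    if text.lower() in _FALSE:
        return False
    # Anything else is treated as a CA bundle path and must exist now,
    # so a typo fails at construction time and not on the first request.
    path = os.path.expanduser(text)
    if not os.path.exists(path):
        raise ValueError("CA bundle not found: %r" % path)
    return path


def apply_to_session(session, ssl_verify):
    """Set verification on one session object (e.g. a requests.Session).

    Only this session is changed; REQUESTS_CA_BUNDLE is not touched.
    """
    session.verify = normalize_ssl_verify(ssl_verify)
    return session
```

With the workaround from the issue, this would be called as `apply_to_session(conn.session, ca_bundle_file)`.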

Closing the issue, as it is solved already.