Support custom CA bundles for certificate validation
Closed this issue · 2 comments
The requests library supports True, False or a string value for the verify
parameter in HTTPS requests, or the Session object: https://requests.readthedocs.io/en/latest/user/advanced/#ssl-cert-verification
With the way the ssl_verify
connection parameter is processed in the infoxblox-client module, it's not possible to pass a bundle path. Only stringified boolean values are supported.
Due to this limitation, it's only possible to support custom CA bundles through the REQUESTS_CA_BUNDLE
environment variable, which will affect all HTTPS requests made with the requests module. This can be a problem in cases, where different CA certificates must be used for certificate validation in an application that interacts with different systems.
I've solved this issue by assigning the CA bundle directly to the session object:
conn = connector.Connector({"host": host,"username": username,"password": password})
conn.session.verify = ca_bundle_file
But this seems a bit hackish. It would be better if the connector constructor supported this out of the box, by accepting a boolean or a string for the ssl_verify
parameter.
Closing the issue, as it is solved already.