Breaking change in TLS Handling in 7.3.3 #201
Comments
Thanks for bringing this up and I would vote for the second option as adding this option has been frequently requested.
requests.Session's
I agree it isn't super intuitive from the link you provided and here it seems to be either a boolean or path to cert bundle. I think defining it similar to @aquamatthias's supplied example
Based on the above links
The issue with the argument in that position: if defined it overrides everything that has been set at session level. That is why a default value other than

```python
def __init__(...verify_override: Union[str, bool, None] = None):
    if verify_override is not None:
        for session in self._sessions:
            session.verify = verify_override
```

It still would allow for easy disabling of tls validation via wdyt?
That is a good point, your suggested solution works for me. Thanks again for pointing it out!
Great. I will provide a PR.
After upgrading python-arango from 7.3.1 to 7.3.3 we are no longer able to connect to arangodb servers with a TLS setup using a custom CA certificate.
The related change: #199 overrides the verify flag of the HTTP session with a boolean value and does not respect what has been defined before.
We followed the instructions on the docs page to set up our own HttpClient: https://docs.python-arango.com/en/main/http.html
and provide the CA bundle to the session via the verify property. See code ArangoDBClient
In order to fix the behavior I would suggest one of the following:
- verify_certificate argument, since the same goal can be accomplished using the HttpClient
- verify_certificate argument optional and default to None
I am happy to provide a fix if you agree with one of the suggestions.
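The regression reported in this issue next to the tri-state override proposed in the comments, as an added example that is not python-arango's own code. `StubSession` is a stand-in that models only the `verify` attribute of `requests.Session`; the function names and the CA path are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import List, Union

@dataclass
class StubSession:
    """Stand-in for requests.Session; only the `verify` attribute is modelled."""
    verify: Union[str, bool] = True  # requests' default: validate with the default CA store

def apply_unconditional(sessions: List[StubSession], verify_certificate: bool) -> None:
    """Behaviour the issue reports: a boolean always replaces session.verify."""
    for session in sessions:
        session.verify = verify_certificate

def apply_override(sessions: List[StubSession],
                   verify_override: Union[str, bool, None] = None) -> None:
    """Tri-state variant from the thread: None leaves session-level settings alone."""
    if verify_override is not None:
        for session in sessions:
            session.verify = verify_override

def tls_posture(session: StubSession) -> str:
    """Classify what a session will trust, e.g. for a startup log line or config check."""
    if session.verify is False:
        return "validation disabled"
    if isinstance(session.verify, str):
        return "custom CA bundle: " + session.verify
    return "default CA store"

def demo() -> dict:
    ca = "/etc/ssl/private-ca.pem"  # constructed path, not taken from the issue
    results = {}
    for name, fn, arg in [
        ("unconditional_true", apply_unconditional, True),
        ("unconditional_false", apply_unconditional, False),
        ("override_none", apply_override, None),
        ("override_false", apply_override, False),
    ]:
        session = StubSession(verify=ca)  # what a custom HTTP client would configure
        fn([session], arg)
        results[name] = tls_posture(session)
    return results

if __name__ == "__main__":
    for case, posture in demo().items():
        print(f"{case:20} -> {posture}")
```

With the unconditional boolean, the CA bundle path is dropped in both cases: `True` falls back to the default CA store, so a server signed by a private CA no longer validates, and `False` turns validation off. With the `None` default the bundle survives unless the caller explicitly overrides it.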