search

PureStorage-OpenConnect / py-pure-client

Pure Storage Unified APIs Python Client
https://code.purestorage.com/py-pure-client/
BSD 2-Clause "Simplified" License
23 stars 29 forks source link

ssl cert verification disabled #32

Closed diepes closed 1 year ago

diepes commented 2 years ago

In FA_2_8, around line 84 (First code in Client.py) https://raw.githubusercontent.com/PureStorage-OpenConnect/py-pure-client/master/pypureclient/flasharray/FA_2_8/client.py

urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

then just below it the verification is disabled if a client cert is not specified ?
Should the cert of the pure1 flasharray not still be verified ?

config.verify_ssl = ssl_cert is not None

Found this while tracking down a urllib3 Unverified HTTPS request warning. That i tracked down to this insecure connection. https://github.com/PureStorage-OpenConnect/py-pure-client/blob/d59b19eda0299d265bdf8d62bc8084e41337df97/pypureclient/flasharray/client.py#L100

Is there a way to not disable ssl verification ? (I modified the files manually and it works fine, not sure why the default is insecure)

mkarg75 commented 1 year ago

Unfortunately the same is true for FlashBlades. Verification should be set to true by default imho.

https://github.com/PureStorage-OpenConnect/py-pure-client/blob/master/pypureclient/flashblade/FB_2_9/client.py#L109

Gregory-Bessonov commented 1 year ago

Hi @diepes, @mkarg75, Client constructor supports verify_ssl parameter starting from py-pure-client version 1.38.0. Setting that parameter to true enables ssl cert verification:

client = pypureclient.flasharray.Client(..., verify_ssl = True)

Please note: this parameter almost perfectly corresponds to verify parameter from requests library. The only exception is default behaviour: not providing a value or setting it None disables certificate validation.