Textualize / frogmouth

A Markdown browser for your terminal
https://www.textualize.io/
MIT License

Respect REQUESTS_CA_BUNDLE as a provider of cert bundle at runtime. #70

Closed aalekhpatel07 closed 12 months ago

aalekhpatel07 commented 12 months ago

Fetching contents from a site with a custom SSL cert setup causes the following error:

SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)

Ideally, we'd like to respect custom cert bundles at runtime, and requests takes a REQUESTS_CA_BUNDLE approach for it. We could use the same here.

In the new version, the usage would look like this:

REQUESTS_CA_BUNDLE=/path/to/bundle frogmouth https://site-with-custom-ssl-setup/-/blob/main/README.md

davep commented 12 months ago

Just looking at the background to this and how this relates to the fact that we use httpx, not requests; is this relevant:

> Requests supports REQUESTS_CA_BUNDLE which points to either a file or a directory. HTTPX supports the SSL_CERT_FILE (for a file) and SSL_CERT_DIR (for a directory) OpenSSL variables instead.

aalekhpatel07 commented 12 months ago

That looks like a decent alternative. Thank you. I wonder if it is still worth supporting REQUESTS_CA_BUNDLE even if just for the sake of completeness and fixing this leaky abstraction.

davep commented 12 months ago

> I wonder if it is still worth supporting REQUESTS_CA_BUNDLE even if just for the sake of completeness

Given that that seems specific to one particular library for one particular language, whereas the ones that httpx supports seem very general on a system, I don't think I'm seeing the benefit really, unless I'm missing something? Surely if an environment needs to be doing this it would potentially need to be doing it for many applications, OpenSSL is pretty common, and so a user of frogmouth wouldn't even need to know the language used to write it, nor the library used to perform requests, to fix the problem.

Am I missing something here?

aalekhpatel07 commented 12 months ago

Seems reasonable. Thanks for clarifying!
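
The environment variables discussed in this thread, as an added example that is not frogmouth or httpx code: a stdlib-only resolver that picks a custom CA file or directory from `SSL_CERT_FILE` / `SSL_CERT_DIR`, and builds a verifying TLS context from it. The `REQUESTS_CA_BUNDLE` fallback and the function names `resolve_ca_source` and `build_verifying_context` are assumptions made for illustration.

```python
import os
import ssl
from pathlib import Path
from typing import Mapping, Optional, Tuple


def resolve_ca_source(env: Mapping[str, str]) -> Tuple[Optional[str], Optional[str]]:
    """Return (cafile, capath) named by the environment, or (None, None)."""
    cafile = env.get("SSL_CERT_FILE") or None
    capath = env.get("SSL_CERT_DIR") or None

    if cafile is None and capath is None:
        # Assumed compatibility fallback (not something httpx does):
        # REQUESTS_CA_BUNDLE may name either a file or a directory.
        bundle = env.get("REQUESTS_CA_BUNDLE")
        if bundle:
            if Path(bundle).is_dir():
                capath = bundle
            else:
                cafile = bundle

    # Fail closed: a typo in the variable should be a clear error, never a
    # silent fall-through to a different trust store or to no verification.
    if cafile is not None and not Path(cafile).is_file():
        raise FileNotFoundError(f"CA bundle file not found: {cafile}")
    if capath is not None and not Path(capath).is_dir():
        raise NotADirectoryError(f"CA directory not found: {capath}")
    return cafile, capath


def build_verifying_context(env: Mapping[str, str] = os.environ) -> ssl.SSLContext:
    """Build a client TLS context that trusts the configured CA source."""
    cafile, capath = resolve_ca_source(env)
    # With cafile/capath set, only those certificates are trusted; with both
    # None, the platform's default trust store is loaded instead.
    ctx = ssl.create_default_context(cafile=cafile, capath=capath)
    # create_default_context() keeps hostname checking and CERT_REQUIRED on,
    # so a private CA is added without weakening verification.
    return ctx


if __name__ == "__main__":
    context = build_verifying_context()
    print("verify_mode:", context.verify_mode, "check_hostname:", context.check_hostname)
```

The context returned here can be passed to any client that accepts an `ssl.SSLContext`.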