Open thomasleveil opened 5 years ago
:exclamation: No coverage uploaded for pull request base (
master@56cfed4
). Click here to learn what that means. The diff coverage is44.44%
.
@@ Coverage Diff @@
## master #670 +/- ##
=========================================
Coverage ? 80.79%
=========================================
Files ? 46
Lines ? 2963
Branches ? 181
=========================================
Hits ? 2394
Misses ? 509
Partials ? 60
Impacted Files | Coverage Δ | |
---|---|---|
cabot/settings.py | 68.42% <ø> (ø) |
|
cabot/cabotapp/views.py | 70.89% <ø> (ø) |
|
cabot/cabot_config.py | 100% <100%> (ø) |
|
cabot/cabotapp/tasks.py | 61.66% <100%> (ø) |
|
cabot/cabotapp/models/base.py | 78.87% <28.57%> (ø) |
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact)
,ø = not affected
,? = missing data
Powered by Codecov. Last update 56cfed4...7c88832. Read the comment docs.
https://2.python-requests.org/en/master/api/
verify – (optional) Either a boolean, in which case it controls whether we verify the server’s TLS certificate, or a string, in which case it must be a path to a CA bundle to use. Defaults to True. Never knew this could be a boolean or a string… Learnt smth today :)
Motivation
In it's current state, Cabot HTTP checks with SSL validation relies on the Python requests module to handle the SSL validation part.
When it comes to validate the server certificate chain, the requests module must know the CA certificate used to sign the presented server certificate. When one want to use Cabot to check an HTTPS server presenting a server certificate signed by a self-signed CA certificate, we need a mean to provide Cabot (and its requests module) with a CA bundle file containing our own certificate.
The python requests module does not use the OS CA certificates store ; instead it uses its own bundle provided by the Python Certifi module.
Changes
This PR introduces a new optional environment variable:
CABOT_HTTP_CHECK_CA_BUNDLE
which can be used to specify the path of a custom CA cert bundle file.