Support for dev certificates

[Persi]

In our local dev environment we use self signed certs generated with mkcert. I do not want to disable ssl verification, but wasn't able to find a way to let posting use my local root CA generated by mkcert. I've tried injection python package "truststore" to posting as well as setting python config param global.cert.

Every request to my local backend fails with the following:

Did I miss something or does posting not support adding a CA for SSL verification currently?

[darrenburns]

Ah sorry, it's not supported yet. Hopefully it'll land this week.

[Persi]

Thanks for the response, no pressure, it's just good to know you have it on the roadmap!

[darrenburns]

This is included as part of 1.4.0 - let me know how it goes!

https://github.com/darrenburns/posting/releases/tag/1.4.0

I'll close this issue. Feel free to open a bug report if you run into any problems :)

[Persi]

Hi, I've upgraded to 1.5.1 and configured the new ssl options as follows:

ssl:
  certificate_path: '/Users/mberndt/.ceres/certs/localhost.data-experts.net.pem'
  key_file: '/Users/mberndt/.ceres/certs/localhost.data-experts.net.key'

Requests still fail with mentioned error if I enable certificate verification.

I wasn't sure about the password param, which password would be needed here?

[darrenburns]

My apologies - I see the mistake. I'll try to get a fix out today!

[Persi]

Everything is fine, thank you for your fast support! :)

[darrenburns]

There's a new ssl.ca_bundle config in 1.6.0 that'll let you specify a custom CA bundle. You can pass your dev certificate .pem to that. The key_file and certificate_path aren't required. Hopefully that resolves it 🙏

[Persi]

That new config works as expected :) Thank you very much for the fast fixes!

[darrenburns]

Great! Thank you for the feedback 🙇‍♂️