david-caro / python-foreman

Small low level python wrapper around Foreman API
GNU General Public License v2.0

Allow SSL verification #32

Closed fpytloun closed 9 years ago

fpytloun commented 9 years ago

By default, the foreman client sets verify: False and doesn't allow the client to change the behavior easily. Introduce a verify parameter to allow the client to submit a CA certificate and use SSL verification.

It keeps the current status quo, but I believe that SSL verification should be enabled by default.

Example client usage:

    if not certs or certs is True:
        # Try to determine system-wide CA bundle and use it
        if os.path.isfile('/etc/pki/cacert.pem'):
            # We are Linux (RHEL-based), use system-wide CA bundle
            certs = '/etc/pki/cacert.pem'
        elif os.path.isfile('/etc/ssl/certs/ca-certificates.crt'):
            # We are Linux (Debian-based), use system-wide CA bundle
            certs = '/etc/ssl/certs/ca-certificates.crt'
        else:
            # Just believe in miracles
            certs = True
    lg.debug("Using CA bundle for SSL verification (%s)" % certs)

    self.foreman = Foreman(url, auth, verify=certs)

fpytloun commented 9 years ago

Rebased. What about merging this? This at least allows the client to verify SSL connections (which should be the default in my opinion) and it is a very trivial fix. We have already been using python-foreman with this patch for some time with no issue.
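
A fail-closed variant of the CA bundle lookup from the example usage above, added here as an illustration; it is not code from the pull request or from python-foreman. The names `resolve_verify` and `SYSTEM_BUNDLES` and the `REQUESTS_CA_BUNDLE` override are assumptions of this example, and it goes beyond the snippet by rejecting a missing explicit path instead of silently falling back.

```python
import os

# System-wide bundle locations taken from the example usage in the thread.
SYSTEM_BUNDLES = (
    "/etc/pki/cacert.pem",                  # RHEL-based
    "/etc/ssl/certs/ca-certificates.crt",   # Debian-based
)


def _require_file(path, origin):
    """Return path if it is a regular file, otherwise fail closed."""
    if not os.path.isfile(path):
        raise FileNotFoundError("CA bundle from %s not found: %s" % (origin, path))
    return path


def resolve_verify(certs=None, env=None, candidates=SYSTEM_BUNDLES):
    """Pick a value for a requests-style ``verify`` argument.

    Returns a CA bundle path, or True (the HTTP library's default trust
    store). It never returns False, so verification cannot be switched
    off by accident through an empty or missing setting.
    """
    env = os.environ if env is None else env

    # 1. An explicit path wins, and a typo must not downgrade silently.
    if isinstance(certs, str) and certs:
        return _require_file(certs, "argument")

    # 2. Operator override through the environment variable requests honors.
    override = env.get("REQUESTS_CA_BUNDLE")
    if override:
        return _require_file(override, "REQUESTS_CA_BUNDLE")

    # 3. None / False / True: probe the system-wide bundles in order.
    for path in candidates:
        if os.path.isfile(path):
            return path

    # 4. Nothing found: keep verification on with the library default.
    return True


# With the parameter proposed in this pull request (hypothetical caller):
#   foreman = Foreman(url, auth, verify=resolve_verify(certs))
```
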