Make it possible to ignore SSL certificate errors.

druid-io / pydruid

A Python connector for Druid

Other

506 stars 194 forks source link

Make it possible to ignore SSL certificate errors. #115

Open j3pic opened 6 years ago

j3pic commented 6 years ago

This is a remake of #114. I had to delete the entire repo, re-fork it, and manually copy the changed file over because of the way that PR #80 was merged.

I have changed the way ssl_context() works so that the configuration check happens there instead of in _post().

gianm commented 6 years ago

@j3pic Thanks for re-raising it.

On the git stuff: we typically squash before merging to keep the history in master cleaner. So that can make future merges and rebases fail, but you should be able to get away with rebasing on master and skipping the commits from #80, or alternatively creating a new branch from master and then cherry-picking the commit you wanted from #114.

The patch looks good to me. I just checked with the powers that be and it looks like the CLA form is working once again. So could you please give that a shot, and then we can accept this patch. Thanks!

jachen-alch commented 5 years ago

ping. status on this patch?

j3pic commented 5 years ago

I never heard back about that corporate CLA.

vikramarsid commented 4 years ago

@gianm Any update on this PR, else I can open a new PR crediting @j3pic.

jachen-alch commented 4 years ago

@gianm Ping, any update on this?

mistercrunch commented 4 years ago

Rebase pls!

didip commented 3 years ago

Is there a reason why this PR is still unmerged? Not being able to talk to Druid via HTTPS is a pretty serious problem.

j3pic commented 3 years ago

@didip My former employer, Instacart, has just ignored the request for the "CLA" document (which IIRC has something to do with copyright). I was never able to get it signed by someone high enough in the company. Someone probably needs to re-fix this problem from scratch, since I don't work there anymore.

valer-cara commented 2 years ago

Indeed pretty sad that this PR hasn't yet been merged. I've used stunnel for to proxy plain http to remote TLS with a config file like below. Just set your pydruid host to http://127.0.0.1:8989 and stunnel will ship it upstream

foreground = yes # optional, yes, outside of [foobar]

[foobar]
client = yes
accept = 127.0.0.1:8989
verifyChain = no # the point of all this, ignore invalid certs
connect = some-upstream-host
sni =  some-upstream-host # optional, helps if remote host validates SNI

Thanks for creating this PR in any case! Hope it'll get merged :)