infobloxopen / infoblox-client

Infoblox NIOS Python WAPI Client
Apache License 2.0

Support custom CA bundles for certificate validation #356

Closed onitake closed 1 year ago

onitake commented 1 year ago

The requests library supports True, False or a string value for the verify parameter in HTTPS requests, or the Session object: https://requests.readthedocs.io/en/latest/user/advanced/#ssl-cert-verification

With the way the ssl_verify connection parameter is processed in the infoblox-client module, it's not possible to pass a bundle path. Only stringified boolean values are supported.

Due to this limitation, it's only possible to support custom CA bundles through the REQUESTS_CA_BUNDLE environment variable, which will affect all HTTPS requests made with the requests module. This can be a problem in cases where different CA certificates must be used for certificate validation in an application that interacts with different systems.

onitake commented 1 year ago

I've solved this issue by assigning the CA bundle directly to the session object:

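        from infoblox_client import connector

        conn = connector.Connector({"host": host, "username": username, "password": password})
        # Scope the CA bundle to this connector's requests session only
        conn.session.verify = ca_bundle_file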

But this seems a bit hackish. It would be better if the connector constructor supported this out of the box, by accepting a boolean or a string for the ssl_verify parameter.
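An added example, not part of the issue thread or of the infoblox-client code base: one way a connector option could accept a boolean, a stringified boolean, or a CA bundle path and turn it into a value that requests accepts for `verify`. The helper name `normalize_ssl_verify` and the accepted tokens `"true"`/`"false"` are assumptions made for illustration.

```python
import os


def normalize_ssl_verify(value):
    """Map an ssl_verify option to a value usable as requests' `verify`.

    Returns True, False, or a CA bundle path (file or directory).
    Hypothetical helper for illustration, not infoblox-client code.
    """
    if isinstance(value, bool):
        return value
    if not isinstance(value, str):
        raise TypeError("ssl_verify must be a bool or a string")

    text = value.strip()
    lowered = text.lower()
    # Stringified booleans, as the existing option already allows
    # (the exact tokens accepted here are an assumption).
    if lowered == "true":
        return True
    if lowered == "false":
        return False

    # Anything else is treated as a CA bundle path. Fail closed: a typo
    # or missing file raises instead of silently becoming verify=False.
    if not text or not (os.path.isfile(text) or os.path.isdir(text)):
        raise ValueError("CA bundle path does not exist: %r" % value)
    return text


if __name__ == "__main__":
    import tempfile

    # Constructed sample inputs; the temporary file stands in for a bundle.
    with tempfile.NamedTemporaryFile(suffix=".pem") as bundle:
        for option in (True, "False", " true ", bundle.name):
            print(repr(option), "->", repr(normalize_ssl_verify(option)))
    try:
        normalize_ssl_verify("/nonexistent/ca.pem")
    except ValueError as exc:
        print("rejected:", exc)
```

The returned value can be assigned to a single session's `verify` attribute, so each connector validates against its own CA bundle without touching REQUESTS_CA_BUNDLE.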

sarya-infoblox commented 1 year ago

Closing the issue, as it is solved already.