posit-dev / posit-sdk-py

Posit SDK for Python
https://posit-dev.github.io/posit-sdk-py/
MIT License

Add support for user-managed SSL certificate verification #188

Open tdstein opened 6 months ago

tdstein commented 6 months ago

By default, the requests package reads CA_BUNDLE information from the REQUESTS_CA_BUNDLE env var and falls back to CURL_CA_BUNDLE. If neither of these is set properly, the request will result in an SSLError.

The requests package provides support for configuring server-side and client-side certificate locations. See https://docs.python-requests.org/en/latest/user/advanced/#ssl-cert-verification

Add support to the connect.Client to accept these properties and pass them to the requests.Session instance.

Additionally, there may be an opportunity to default the verify property to a specific location when it is known that the client is running within Connect. Further research is needed.

dbkegley commented 6 months ago

nit: I think requests falls back to certifi.where() if neither of those environment vars is set.

https://docs.python-requests.org/en/latest/user/advanced/#ca-certificates
https://github.com/psf/requests/blob/2d5f54779ad174035c5437b3b3c1146b0eaf60fe/src/requests/utils.py#L63

NicolaiLolansen commented 1 month ago

The rsconnect package has a flag --insecure:

TLS Support and Posit Connect

Usually, a Posit Connect server will be set up to be accessed in a secure manner, using the https protocol rather than simple http. If Posit Connect is set up with a self-signed certificate, you will need to include the --insecure flag on all commands. If Posit Connect is set up to require a client-side certificate chain, you will need to include the --cacert option that points to your certificate authority (CA) trusted certificates file. Both of these options can be saved along with the URL and API Key for a server.

https://pypi.org/project/rsconnect-python/

I think it would make sense to reflect the same behavior for this package.
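
An added example, not code from posit-sdk-py or from any commenter in this thread: a sketch of how user-supplied `verify` and `cert` values could be checked and passed to a `requests.Session`, as the issue requests. The function names `resolve_verify`, `resolve_cert` and `build_session` are hypothetical, and the early file checks are an assumption about desirable behavior rather than something the SDK does.

```python
import os
from pathlib import Path


def resolve_verify(verify=None, environ=os.environ):
    """Return the value to assign to requests.Session.verify."""
    if verify is False:
        return False  # explicit opt-out only, comparable to rsconnect's --insecure
    if verify is None or verify is True:
        # Same lookup order the thread describes for requests.
        verify = environ.get("REQUESTS_CA_BUNDLE") or environ.get("CURL_CA_BUNDLE") or True
    if verify is True:
        return True  # requests then uses the certifi bundle
    path = Path(verify)
    if not path.exists():
        # Fail here with a clear message instead of on the first request.
        raise FileNotFoundError(f"CA bundle not found: {path}")
    return str(path)


def resolve_cert(cert=None):
    """Validate a client certificate: one PEM path or a (cert, key) pair."""
    if cert is None:
        return None
    paths = (cert,) if isinstance(cert, (str, os.PathLike)) else tuple(cert)
    if len(paths) not in (1, 2):
        raise ValueError("cert must be a path or a (cert, key) pair")
    for p in paths:
        if not Path(p).is_file():
            raise FileNotFoundError(f"client certificate file not found: {p}")
    resolved = tuple(str(Path(p)) for p in paths)
    return resolved[0] if len(resolved) == 1 else resolved


def build_session(verify=None, cert=None, environ=os.environ):
    """Create a requests.Session with the TLS settings applied."""
    import requests  # third-party; imported here so the checks above work without it

    session = requests.Session()
    session.verify = resolve_verify(verify, environ)
    session.cert = resolve_cert(cert)
    return session
```

Verification is never switched off implicitly here: `False` is returned only when the caller passes `verify=False`, and a missing bundle path raises instead of degrading to an unverified connection.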