Open Zoynels opened 4 years ago
This x1000. For all corporate coding work.
Until this enhancement is done (or if you do not want to disable ssl verification), this may help some users get safety running in these types of environments.
The root issue appears to be that the requests library doesn't look at system-based ca-certs. Instead it looks at certifi certs.
A temporary fix to work around the invalid certifi cert is by overwriting it with a valid cert.
For instance on Ubuntu this bash script works, at least until certifi updates and overwrites it:
#!/bin/bash
# Determine the location of the certifi cert in our python env
python_certs=$(echo "from requests.utils import DEFAULT_CA_BUNDLE_PATH;print(DEFAULT_CA_BUNDLE_PATH)" | python3)
# example: /home/someUser/tmpvenv/lib/python3.6/site-packages/certifi/cacert.pem
# Assuming you have installed the custom CA cert on the system, otherwise point it to the correct CA cert
ubuntu_certs="/etc/ssl/certs/ca-certificates.crt"
echo "Removing python certs at $python_certs"
# Quote the paths so a virtualenv path containing spaces is handled as one argument
rm -- "$python_certs"
echo "Relinking to $ubuntu_certs"
ln -s -- "$ubuntu_certs" "$python_certs"
A less risky way to accomplish the same goal would be to honor the REQUESTS_CA_BUNDLE or CURL_CA_BUNDLE environmental variables, which is what tools like pip and libraries like requests use:
https://pip.pypa.io/en/stable/topics/https-certificates/#using-a-specific-certificate-store
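One way a client could honor these variables while keeping verification on, as an added example that is not part of the thread or the project's own code. The function names `resolve_ca_bundle` and `build_tls_context` are hypothetical, and it uses only the standard-library `ssl` module:

```python
import os
import ssl

# Same variables, in the same precedence, that requests consults.
CA_ENV_VARS = ("REQUESTS_CA_BUNDLE", "CURL_CA_BUNDLE")


def resolve_ca_bundle(environ=os.environ):
    """Return (variable, path) for the first CA bundle variable set, else None."""
    for name in CA_ENV_VARS:
        path = environ.get(name, "").strip()
        if path:
            return name, path
    return None


def build_tls_context(environ=os.environ):
    """Build a verifying TLS context that trusts the operator's CA bundle.

    Verification is never turned off: a bad path is an error, not a
    fallback to an unverified connection.
    """
    choice = resolve_ca_bundle(environ)
    if choice is None:
        # No override: use the platform trust store.
        return ssl.create_default_context()
    name, path = choice
    if os.path.isdir(path):
        # A directory of hashed certificates (c_rehash layout).
        return ssl.create_default_context(capath=path)
    if not os.path.isfile(path):
        raise FileNotFoundError(f"{name} points to a missing CA bundle: {path}")
    # Raises ssl.SSLError if the file holds no usable PEM certificates.
    return ssl.create_default_context(cafile=path)
```

With a TLS-inspecting proxy, pointing `REQUESTS_CA_BUNDLE` at a bundle that contains the proxy's CA lets the connection validate normally, with hostname checking still enforced.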
Description
I have a proxy server which breaks SSL certificates. So I can't get the database through fetch_database_url(). Now I manually change line:
to
Can you add a CLI option to ignore the SSL certificate, like https://stackoverflow.com/questions/15445981/how-do-i-disable-the-security-certificate-check-in-python-requests