MM-Lehmann
commented
1 year ago What would be a suitable workaround to bypass verification? maybe it's possible to prepare a request session up-front?
Closed mgian closed 1 month ago
MM-Lehmann
commented
1 year ago What would be a suitable workaround to bypass verification? maybe it's possible to prepare a request session up-front?
mikix
commented
2 months ago Fhirclient currently uses the requests library - I believe it supports environment variables to point at your own self-signed certs: https://docs.python-requests.org/en/latest/user/advanced/#ssl-cert-verification
Looks like REQUESTS_CA_BUNDLE might do what you want?
While developing with a test server (in this case the IBM fhir-server) which came with only https enabled by default and a self signed certificate, the library cannot connect to the server with the error
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain
which is of course correct given the situation.
Python however allow to bypass the certificate verification by explititally setting some flags in the request library, but it seems that there is no way to do it using this library (or I was not able to find how to do it)
It would be nice to have an explicit way to avoid all the certificate verification process while connecting to the server, mimicking what python itself does, skipping it only if a specific parameters is passed or a flag is set.
I understand that it would possibly be a security risk (if a developer does not remove the parameter while deploying to production, the prod system will never check for the certificate validity and then cannot verify that the server is legit), but from a development point of view it can be usefull