Closed vjeantet closed 5 months ago
Hi, well, the problem is that the solution that I have in my mind I consider as the high severity security issue.
I mean the issue is caused by ssl pinning which is toggled on by default in the default Python http library, so from my perspective it's quite a bad idea to give a user an option to opt it out. Have you a different view on this?
Hello, thanks for your quick feedback.
I agree with you, we should not touch the default TLS Pinning mode.
In my case, my issue is about the unknown CA certificate provided by my certificate (as it is self signed).
I managed to bypass this SSL verification, by adding a context
param to the self.connection=connection like bellow.
line 47
...
import ssl
...
class NetworkClient():
response: Optional[HTTPResponse] = None
def __init__(self, settings: sublime.Settings, cacher: Cacher = Cacher()) -> None:
...
self.connection = connection(url, context=ssl._create_unverified_context())
It would be cool if this behaviour could be set in settings with a boolean param.
like ssl_no_verify
I see you, more than that this is how I handle this issue by myself locally, when I needed to debug network layer of the plugin using mitm proxy.
But at my taste this issue is too specific to become the part of the settings. Let's wait a bit if there any folks who'll upvote it as well.
Closing it so far.
Hello,
My custom OpenAi Provider (ollama) use https with a self-signed certificate.
When the plugin try to connect to it, an error pops up with "error OpenAi: CERTIFICATE_VERIFY_FAILED..."
How can I tell the plugin to not verify the ssl context of the connection ? (or better, set the path to ca bundle to use ?)
thanks a lot !
update: I found some reference, but not sure if it is the solution, and how to apply it to your code. : https://stackoverflow.com/questions/48908044/how-to-disable-ssl-verification-for-http-client-httpsconnection-class-in-python