Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add option to disable certificate validation #326

Closed
mschroeder-fzj opened this issue Sep 18, 2024 · 5 comments · Fixed by #370
Closed

Add option to disable certificate validation #326

mschroeder-fzj opened this issue Sep 18, 2024 · 5 comments · Fixed by #370
Assignees
@sbanoeon
Labels
feature request Request a potential feature

Comments

@mschroeder-fzj
Copy link

Is your feature request related to a problem? Please describe.
When the module makes requests towards a FIWARE deployment (orion / iot-agent), that has e.g. self-signed certificates, the requests will fail with a Certificate Validation error.

Describe the solution you'd like
It should be possible to disable the certificate validation via a global defined variable like ssl_verify = True.
In the corresponding request section it could look like:

with requests.Session() as s:
	if isinstance(ssl_verify, bool) and not ssl_verify
		s.verify = False
@mschroeder-fzj mschroeder-fzj added the feature request Request a potential feature label Sep 18, 2024
@djs0109
Copy link
Contributor

djs0109 commented Sep 24, 2024

@mschroeder-fzj you are right, this need to be set manually so far. We have also met the same issue, and "bypassed" it just like you did. I would probably not add a global option, because the use of session is optional. But it is good to include it to one of our tutorials/exampls. @mschroeder-fzj Let me know whether you have the time to contribute. Ohterwise, I or someone will take care of it :)

Btw. @mwr-ebc you have tried adding the self-signed certificates to the trusted list, right?

@mschroeder-fzj
Copy link
Author

It doesn't have to be a completly global option.
As long as the option can be set when using session would be enough.

I don't know enough about the code to confidently contribute.

@djs0109
Copy link
Contributor

djs0109 commented Dec 11, 2024
edited
Loading

We could provide an example of using session. For example, configuring the time-out and retry number

@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 7, 2025

Branch 326-Add-option-to-disable-certificate-validation created!

@djs0109
Copy link
Contributor

djs0109 commented Jan 7, 2025

@sbanoeon here is a reference implementation

FiLiP/tests/clients/test_ngsi_ld_cb.py

Lines 52 to 69 in 70042b4

session = Session()
retry_strategy = Retry(
total=5, # Maximum number of retries
backoff_factor=1, # Exponential backoff (1, 2, 4, 8, etc.)
status_forcelist=[
429,
500,
502,
503,
504,
], # Retry on these HTTP status codes
)
# Set the HTTP adapter with retry strategy
adapter = HTTPAdapter(max_retries=retry_strategy)
session.mount("https://", adapter)
session.mount("http://", adapter)
self.client = ContextBrokerLDClient(
fiware_header=self.fiware_header, session=session, url=settings.LD_CB_URL

@djs0109 djs0109 mentioned this issue Jan 14, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sbanoeon sbanoeon

Labels
feature request Request a potential feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore: include example for session object RWTH-EBC/FiLiP
3 participants
@sbanoeon @djs0109 @mschroeder-fzj