Verify SSL as True by default

Co-authored-by: Mathias Fußenegger <[email protected]>

CHANGES.txt

@@ -7,6 +7,10 @@ Unreleased
 
 - Added official Python 3.9 support.
 
+- BREAKING CHANGE: The driver now verifies SSL certificates when connecting via
+  HTTP by default. Previously, this setting defaulted to false. This setting
+  can be changed via the ``verify_ssl_cert`` connection parameter.
+
 2020/09/28 0.26.0
 =================
 

docs/sqlalchemy.rst

@@ -105,7 +105,7 @@ the ``connect_args`` argument, like so::
 When you do this, the Database API layer will use its :ref:`round-robin
 <multiple-nodes>` implementation.
 
-The client does not validate `SSL server certificates`_ by default. To configure
+The client validates `SSL server certificates`_ by default. To configure
 this behaviour, SSL verification options can be passed in via ``connect_args``
 too::
 

src/crate/client/connection.py

@@ -33,7 +33,7 @@ def __init__(self,
                  timeout=None,
                  backoff_factor=0,
                  client=None,
-                 verify_ssl_cert=False,
+                 verify_ssl_cert=True,
                  ca_cert=None,
                  error_trace=False,
                  cert_file=None,
@@ -62,7 +62,7 @@ def __init__(self,
             client used to communicate with crate.
         :param verify_ssl_cert:
             if set to ``True`` verify the servers SSL server certificate.
-            defaults to ``False``
+            defaults to ``True``
         :param ca_cert:
             a path to a CA certificate to use when verifying the SSL server
             certificate.

src/crate/client/doctests/sqlalchemy.txt

@@ -32,7 +32,7 @@ The ``connect_args`` parameter has to be used to do so::
     ... })
     Engine(crate://)
 
-As defined in :ref:`https_connection` the client does not validate SSL server
+As defined in :ref:`https_connection` the client validates SSL server
 certificates by default. To configure this behaviour, SSL verification options
 can be given via ``connect_args`` too::