Skip to content

Add support for mTLS-capable HTTP proxy with self-signed certs #129

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add support for mTLS-capable HTTP proxy with self-signed certs #129

wants to merge 1 commit into from

Conversation

@viranch
Copy link
Contributor

@viranch viranch commented Oct 3, 2024

Secure environments commonly use mutual TLS (mTLS)-capable HTTP proxies to ensure only approved clients are able to make outbound calls to only approved endpoints on the Internet. The client certificates for mTLS can be self-signed or using a custom CA.

This PR adds the support for doing the above when requests transport is used.

For passing the necessary config parameters to NS1 instance, the config in-take is also reworked in this PR to accept arbitrary dictionary in addition to API key. This is rework is designed to be backwards compatible.

An example use of this feature would be:

NS1(
  apiKey='super-secret',
  config={
    'http_proxy': 'http://proxy.corp.com',
    'client_cert': ('path/to/cert', 'path/to/key'),
    'cert_verify': 'path/to/certfile',
    # optionally put api key here instead of above
    'apiKey': 'super-secret,
  }
)

@viranch
Copy link
Contributor Author

viranch commented Oct 3, 2024

I'll work on the tests once the implementation approach is approved.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@viranch