allow to disable TLS certificate verification #199

Merged
merged 2 commits into from
Apr 13, 2022
10 changes: 10 additions & 0 deletions arango/client.py
Expand Up @@ -45,6 +45,8 @@ class ArangoClient:
the de-serialized object. If not given, ``json.loads`` is used by
default.
:type deserializer: callable
:param verify_certificate: Verify TLS certificates.
:type verify_certificate: bool
"""

def __init__(
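Review bot: the `:param verify_certificate:` entry added to the class docstring does not state that the default is `True`, or that passing `False` turns off certificate validation for every host given in `hosts`. Suggest spelling both out, for example `Verify TLS certificates (default: True). Setting this to False disables verification for all hosts and leaves connections open to interception.`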
Expand All @@ -55,6 +57,7 @@ def __init__(
http_client: Optional[HTTPClient] = None,
serializer: Callable[..., str] = lambda x: dumps(x),
deserializer: Callable[[str], Any] = lambda x: loads(x),
verify_certificate: bool = True,
) -> None:
if isinstance(hosts, str):
self._hosts = [host.strip("/") for host in hosts.split(",")]
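Review bot: `verify_certificate: bool = True` in the `__init__` signature only offers on or off, so a user whose server has a self-signed or private-CA certificate has no option short of disabling verification. The value is assigned to `session.verify` further down; if these are `requests` sessions (the added docs import `requests`), that attribute also accepts a path to a CA bundle, so widening the type to `Union[bool, str]` would let callers trust their own CA while keeping verification on.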
Expand All @@ -76,6 +79,10 @@ def __init__(
self._deserializer = deserializer
self._sessions = [self._http.create_session(h) for h in self._hosts]

# set flag for SSL/TLS certificate verification
for session in self._sessions:
session.verify = verify_certificate

def __repr__(self) -> str:
return f"<ArangoClient {','.join(self._hosts)}>"
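Review bot: the loop ending in `session.verify = verify_certificate` runs unconditionally, so with the default `True` it overwrites whatever `verify` setting a user-supplied `http_client` placed on the sessions returned by `create_session` (a CA bundle path, for example). Suggest defaulting the argument to `None` and assigning only when the caller passed a value, or documenting that this argument takes precedence over the custom client's own setting.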

Expand Down Expand Up @@ -110,6 +117,7 @@ def db(
verify: bool = False,
auth_method: str = "basic",
superuser_token: Optional[str] = None,
verify_certificate: bool = True,
) -> StandardDatabase:
"""Connect to an ArangoDB database and return the database API wrapper.

Expand All @@ -130,6 +138,8 @@ def db(
If set, parameters **username**, **password** and **auth_method**
are ignored. This token is not refreshed automatically.
:type superuser_token: str
:param verify_certificate: Verify TLS certificates.
:type verify_certificate: bool
:return: Standard database API wrapper.
:rtype: arango.database.StandardDatabase
:raise arango.exceptions.ServerConnectionError: If **verify** was set
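Review bot: the `:param verify_certificate:` entry added to the `db()` docstring describes an argument that nothing in this diff reads. The 10 additions to `arango/client.py` are the two docstring entries, the two signature lines and the loop in `__init__`, with no change to the body of `db()`, so as far as these hunks show `db(..., verify_certificate=False)` has no effect. Either apply the value inside `db()` or drop it from the signature, and say in the docstring how it differs from the existing `verify` argument, since the two names are easy to confuse.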
30 changes: 30 additions & 0 deletions docs/certificates.rst
@@ -0,0 +1,30 @@
TLS certificate verification
----------------------------

When connecting against a server using an https/TLS connection, TLS certificates
are verified by default.
By default, self-signed certificates will cause trouble when connecting.

.. code-block:: python

client = ArangoClient(hosts="https://localhost:8529")

In order to make connections work even when using self-signed certificates, the
`verify_certificates` option can be disabled when creating the `ArangoClient`
instance:

.. code-block:: python

client = ArangoClient(hosts="https://localhost:8529", verify_certificate=False)

This will allow connecting, but the underlying `urllib3` library may still issue
warnings due to the insecurity of using self-signed certificates.

To turn off these warnings as well, you can add the following code to your client
application:

.. code-block:: python

import requests
requests.packages.urllib3.disable_warnings()
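Review bot: the paragraph before the second code block names the option `verify_certificates`, but the parameter added in `arango/client.py` is `verify_certificate`; a reader who copies the name from the prose gets an unexpected-keyword `TypeError`. In the last code block, `requests.packages.urllib3.disable_warnings()` silences every urllib3 warning, not only the one raised for unverified HTTPS requests; suggest narrowing it to `urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)`. The page would also benefit from a sentence stating that `verify_certificate=False` removes protection against an intercepted connection, so that it is not read as the standard way to handle self-signed certificates.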