[Feature] - WARNING needs to be issued if domain specified by datafed python client is using self signed certs #1418
Labels
Type: New Feature
New or enhanced feature
Comments
JoshuaSBrown
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem We Want to Solve
When standing up the metadata services using compose using a self signed certificate, you can use the python client to try to connect to the server. However, we are consistently seeing quiet failures due to the request timing out because it will not by default connect to a web site with a self signed cert.
DataFed provides a way around this if you pass in the --allow-self-signed-certs option.
datafed -H localhost {'server_host': 'localhost', 'manual_auth': False, 'version': False, 'client_cfg_dir': '/home/cloud/.datafed', 'client_cfg_file': '/home/cloud/.datafed/datafed-client.ini'} {'server_host': 'localhost', 'manual_auth': False, 'version': False, 'client_cfg_dir': '/home/cloud/.datafed', 'client_cfg_file': '/home/cloud/.datafed/datafed-client.ini'} Failed to download file: HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /datafed-core-key.pub (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1007)'))) Could not open server public key file: /home/cloud/.datafed/datafed-core-key.pubDescribe the Solution You'd Like
There needs to be a warning when attempting to connect to a server that is using self signed certs instead of quiet failures. It should indicate that if you are intentionally trying to connect to a server using self signed certs you should provide the --allow-self-signed-certs flag with your request.
Alternatives (optional)
Additional context
The text was updated successfully, but these errors were encountered: