Provide a custom CA Bundle to enable handling of self-signed SSL certs, or disable SSL verification entirely#13
Merged
simosho merged 1 commit intowaylayio:waylay_mainfrom Feb 27, 2024
Conversation
…SSL certs, or disable SSL verifiation entirely
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This seems to be the most active fork of the original (abandoned) project.
Our loki server is fronted by an SSL enabled nginx proxy, with a self managed SSL certificate. We needed to be to provide our own CA bundle to the requests library that could verify the connection without raising an SSL exception, so this PR accomplishes that with minimal impact.
The requests library accepts a verify parameter than can either be a bool (to enable / disable verification) or a string that is treated as a file path to a custom CA bundle to use for verification.
We simple extended this to the LokiHandler.
See the request lib for more details.
https://docs.python-requests.org/en/latest/user/advanced/#ssl-cert-verification