def test_ssl_context_and_depreicated_values(self):
try:
ctx = create_ssl_context()
except AttributeError:
raise SkipTest("SSL Context not supported in this version of python")
self.assertRaises(ImproperlyConfigured, Urllib3HttpConnection, ssl_context=ctx, use_ssl=True)
self.assertRaises(ImproperlyConfigured, Urllib3HttpConnection, ssl_context=ctx, ca_certs="/some/path/to/cert.crt")
self.assertRaises(ImproperlyConfigured, Urllib3HttpConnection, ssl_context=ctx, ssl_version=ssl.PROTOCOL_SSLv23)
def test_ssl_context_is_correctly(event_loop):
context = create_ssl_context(cafile="test_elasticsearch_async/ca.crt")
connection = AIOHttpConnection(ssl_context=context, http_auth=('user', 'secret'), loop=event_loop)
assert connection.session.connector._ssl.get_ca_certs() == [{
'subject': ((('commonName', 'Elastic Certificate Tool Autogenerated CA'),),),
'issuer': ((('commonName', 'Elastic Certificate Tool Autogenerated CA'),),),
'version': 3,
'serialNumber': 'C732AB792FAC34EB252EE2F03A316CD8CFE203B3',
'notBefore': 'Aug 26 18:27:28 2017 GMT',
'notAfter': 'Aug 25 18:27:28 2020 GMT'
}]
def __init__(self,
host='localhost',
port=9200,
http_auth=None,
use_ssl=False,
verify_certs=False,
ca_certs=None,
client_cert=None,
client_key=None,
loop=None,
use_dns_cache=True,
headers=None,
ssl_context=None,
trace_config=None,
**kwargs):
super().__init__(host=host, port=port, **kwargs)
self.loop = asyncio.get_event_loop() if loop is None else loop
if http_auth is not None:
if isinstance(http_auth, str):
http_auth = tuple(http_auth.split(':', 1))
if isinstance(http_auth, (tuple, list)):
http_auth = aiohttp.BasicAuth(*http_auth)
headers = headers or {}
headers.setdefault('content-type', 'application/json')
# if providing an SSL context, raise error if any other SSL related flag is used
if ssl_context and (verify_certs or ca_certs):
raise ImproperlyConfigured(
"When using `ssl_context`, `use_ssl`, `verify_certs`, `ca_certs` are not permitted"
)
if use_ssl or ssl_context:
cafile = ca_certs
if not cafile and not ssl_context and verify_certs:
# If no ca_certs and no sslcontext passed and asking to verify certs
# raise error
raise ImproperlyConfigured(
"Root certificates are missing for certificate "
"validation. Either pass them in using the ca_certs parameter or "
"install certifi to use it automatically.")
if verify_certs or ca_certs:
warnings.warn(
'Use of `verify_certs`, `ca_certs` have been deprecated in favor of using SSLContext`',
DeprecationWarning)
if not ssl_context:
# if SSLContext hasn't been passed in, create one.
# need to skip if sslContext isn't avail
try:
ssl_context = create_ssl_context(cafile=cafile)
except AttributeError:
ssl_context = None
if not verify_certs and ssl_context is not None:
ssl_context.check_hostname = False
ssl_context.verify_mode = ssl.CERT_NONE
warnings.warn(
'Connecting to %s using SSL with verify_certs=False is insecure.'
% host)
if ssl_context:
verify_certs = True
use_ssl = True
trace_configs = [trace_config] if trace_config else None
max_connections = max(256, kwargs.get("max_connections", 0))
enable_cleanup_closed = kwargs.get("enable_cleanup_closed", False)
self.session = aiohttp.ClientSession(
auth=http_auth,
timeout=self.timeout,
connector=aiohttp.TCPConnector(
loop=self.loop,
verify_ssl=verify_certs,
use_dns_cache=use_dns_cache,
ssl_context=ssl_context,
limit=max_connections,
enable_cleanup_closed=enable_cleanup_closed),
headers=headers,
trace_configs=trace_configs,
response_class=RawClientResponse)
self.scheme = "https" if use_ssl else "http"
def __init__(self, host='localhost', port=9200, http_auth=None,
use_ssl=False, verify_certs=False, ca_certs=None, client_cert=None,
client_key=None, loop=None, use_dns_cache=True, headers=None,
ssl_context=None, **kwargs):
super().__init__(host=host, port=port, **kwargs)
self.loop = asyncio.get_event_loop() if loop is None else loop
if http_auth is not None:
if isinstance(http_auth, str):
http_auth = tuple(http_auth.split(':', 1))
if isinstance(http_auth, (tuple, list)):
http_auth = aiohttp.BasicAuth(*http_auth)
headers = headers or {}
headers.setdefault('content-type', 'application/json')
# if providing an SSL context, raise error if any other SSL related flag is used
if ssl_context and (verify_certs or ca_certs):
raise ImproperlyConfigured("When using `ssl_context`, `use_ssl`, `verify_certs`, `ca_certs` are not permitted")
if use_ssl or ssl_context:
cafile = ca_certs
if not cafile and not ssl_context and verify_certs:
# If no ca_certs and no sslcontext passed and asking to verify certs
# raise error
raise ImproperlyConfigured("Root certificates are missing for certificate "
"validation. Either pass them in using the ca_certs parameter or "
"install certifi to use it automatically.")
if verify_certs or ca_certs:
warnings.warn('Use of `verify_certs`, `ca_certs` have been deprecated in favor of using SSLContext`', DeprecationWarning)
if not ssl_context:
# if SSLContext hasn't been passed in, create one.
# need to skip if sslContext isn't avail
try:
ssl_context = create_ssl_context(cafile=cafile)
except AttributeError:
ssl_context = None
if not verify_certs and ssl_context is not None:
ssl_context.check_hostname = False
ssl_context.verify_mode = ssl.CERT_NONE
warnings.warn(
'Connecting to %s using SSL with verify_certs=False is insecure.' % host)
if ssl_context:
verify_certs = True
use_ssl = True
self.session = aiohttp.ClientSession(
auth=http_auth,
conn_timeout=self.timeout,
connector=aiohttp.TCPConnector(
loop=self.loop,
verify_ssl=verify_certs,
use_dns_cache=use_dns_cache,
ssl_context=ssl_context,
),
headers=headers
)
self.base_url = 'http%s://%s:%d%s' % (
's' if use_ssl else '',
host, port, self.url_prefix
)