Look for custom cert/key, fall back to self-signed
- look for custom .key .cert on server start
plom-selfsigned.keyto match self-signed cert.
remove the per-call
verify=Falsein favour of a per-session selection
Default to true
- but pop-up a dialog to allow users to ignore cert errors
- [ ]
Env var overrides:
document how to use a sneaker-netted cert: roughly,
export REQUESTS_CA_BUNDLE=/path/to/servers_cert_file.crt python3 -m plom.client python3 -m plom.scan # etc
- this also works for the command-line tools
- document how to use a sneaker-netted cert: roughly,
Avoiding aggravating our developers: if
"dev" in plom.__version__then fallback to no-SSL-verification sans popup dialog (just log a warning).
Do we need to add
-kto all command-line tools? This matches
curl -k https://...but might require some deeper refactoring (because the command line tools build msgr objects all over the place).
Quick fix: add a
PLOM_SSL_NO_VERIFYenv var. (I have haven't found an env var-based technique to disable SSL verification at