Look for custom cert/key, fall back to self-signed
TODO
-
look for custom .key .cert on server start -
rename plom.key
toplom-selfsigned.key
to match self-signed cert. -
remove the per-call verify=False
in favour of a per-session selection -
Default to true -
but pop-up a dialog to allow users to ignore cert errors - [ ]
-
-
Env var overrides: -
document how to use a sneaker-netted cert: roughly, export REQUESTS_CA_BUNDLE=/path/to/servers_cert_file.crt python3 -m plom.client python3 -m plom.scan # etc
-
this also works for the command-line tools
-
-
Avoiding aggravating our developers: if "dev" in plom.__version__
then fallback to no-SSL-verification sans popup dialog (just log a warning). -
Do we need to add -k
to all command-line tools? This matchescurl -k https://...
but might require some deeper refactoring (because the command line tools build msgr objects all over the place). -
Quick fix: add a PLOM_SSL_NO_VERIFY
env var. (I have haven't found an env var-based technique to disable SSL verification atrequests
orurllib3
level.)
Edited by Colin Macdonald