pyHive mTLS for NGINX proxy

[alexio215]

Hello, I am looking to connect to an NGINX reverse proxy that serves the Thrift traffic into a HiveServer2. To connect securely, I am required to connect using mTLS, but in the Connection object that is being created, I only see the SSL cert being passed for a regular TLS handshake. I am looking to expand this capability to also send a client cert and key to be validated by the server.

I wanted to ask what is the preferred method of adding this. Adding parameters to the object constructor? I would add "client_cert", "client_key", and "ca_cert" with the boolean option of "mtls_proxy". This would have matching conditions to check if the mtls_proxy variable is to be used, and then add the correct certs to the ssl_context for mTLS.

Or, I could add in a parameter called "ssl_context", default it to none, and any time that an ssl_context is provided by the user the connect object will instead use the custom provided ssl_context, allowing the user to provide and specify the use of mTLS.

Please let me know which is preferred, and if this is a valid solution, thank you.