
[Feature] - WARNING needs to be issued if domain specified by datafed python client is using self signed certs

Open megatnt1122 opened this issue 8 months ago • 0 comments

Problem We Want to Solve

When standing up the metadata services using compose with a self-signed certificate, you can use the Python client to try to connect to the server. However, we are consistently seeing quiet failures due to the request timing out because, by default, it will not connect to a website with a self-signed cert.

DataFed provides a way around this if you pass in the --allow-self-signed-certs option.

    datafed -H localhost
    {'server_host': 'localhost', 'manual_auth': False, 'version': False, 'client_cfg_dir': '/home/cloud/.datafed', 'client_cfg_file': '/home/cloud/.datafed/datafed-client.ini'}
    {'server_host': 'localhost', 'manual_auth': False, 'version': False, 'client_cfg_dir': '/home/cloud/.datafed', 'client_cfg_file': '/home/cloud/.datafed/datafed-client.ini'}
    Failed to download file: HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /datafed-core-key.pub (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1007)')))
    Could not open server public key file: /home/cloud/.datafed/datafed-core-key.pub

Describe the Solution You'd Like

There needs to be a warning when attempting to connect to a server that is using self-signed certs, instead of quiet failures. It should indicate that if you are intentionally trying to connect to a server using self-signed certs, you should provide the --allow-self-signed-certs flag with your request.

Alternatives (optional)

Additional context

megatnt1122 avatar May 07 '25 15:05 megatnt1122
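
One way a client could turn this failure into the requested warning, as an added example that is not DataFed's code or part of the original issue: it walks the wrapped exception down to the underlying `ssl.SSLCertVerificationError` and hints at `--allow-self-signed-certs` only for self-signed failures, leaving verification itself untouched. `WrappedError`, `find_cert_error`, `self_signed_hint` and `constructed_error` are hypothetical names, and the sample errors are constructed.

```python
import ssl
import warnings

# OpenSSL verify codes: 18 = self-signed leaf, 19 = self-signed cert in chain.
SELF_SIGNED_CODES = {18, 19}
HINT = ("TLS verification failed for {host}: the server certificate is self-signed. "
        "If this is intentional, pass --allow-self-signed-certs.")


class WrappedError(Exception):
    """Hypothetical stand-in for an HTTP library error that carries .reason."""
    def __init__(self, reason):
        super().__init__(str(reason))
        self.reason = reason


def find_cert_error(exc):
    """Search cause, context, .reason and args for the underlying ssl error."""
    seen, stack = set(), [exc]
    while stack:
        e = stack.pop()
        if not isinstance(e, BaseException) or id(e) in seen:
            continue
        seen.add(id(e))
        if isinstance(e, ssl.SSLCertVerificationError):
            return e
        stack += [e.__cause__, e.__context__, getattr(e, "reason", None), *e.args]
    return None


def self_signed_hint(exc, host):
    """Return (and emit as a warning) the hint, or None for any other failure."""
    err = find_cert_error(exc)
    if err is None:
        return None
    text = str(err).lower()  # OpenSSL 1.1 says "self signed", 3.x "self-signed"
    if (getattr(err, "verify_code", None) not in SELF_SIGNED_CODES
            and "self-signed" not in text and "self signed" not in text):
        return None  # expired, hostname mismatch, unknown CA: different problem
    msg = HINT.format(host=host)
    warnings.warn(msg)
    return msg


def constructed_error(code, message):
    """Constructed sample: a verification error wrapped twice, as clients see it."""
    inner = ssl.SSLCertVerificationError(
        1, f"[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: {message}")
    inner.verify_code, inner.verify_message = code, message
    return WrappedError(WrappedError(inner))
```

Restricting the hint to the self-signed codes keeps an expired or mismatched certificate from being answered with advice to disable verification.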