uvicorn Load more than one ca

ca_certs is plural, but currently does not accept a list of CA certificate paths.

Nov 19 '21 11:11 brussee

I'm dubious about this PR, I'm no SSL expert though but this seems like this link explains it quite well : pass a directory containing your CAs : https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_verify_locations Feel free to reopen if that's not the case

Nov 19 '21 11:11 euri10

You are referring to the 2nd argument of load_verify_locations but the current implementation gives only the 1st positional argument:

The cafile string, if present, is the path to a file of concatenated CA certificates in PEM format.

My PR proposes to allow a list, such that instead of concatenating all CA certs beforehand, you can provide a list of certificate files in different locations. This is arguably more flexible than requiring all of the files to be in a single directory.

@euri10 please re-open if you agree/want to re-consider

Nov 19 '21 11:11 brussee

Happy to reconsider then effectively, but:

add tests
change the positional only arg we currently have to kwargs so that we're clear on what location we use

Nov 19 '21 11:11 euri10

@euri10 done

Nov 19 '21 12:11 brussee

@euri10 updated formatting to make the linter happy

Nov 19 '21 12:11 brussee

@euri10 Would you like me to squash before merging?

Nov 19 '21 13:11 brussee

No need it's automatic on the repo iirc

Nov 19 '21 13:11 euri10

@brussee Are you still interested on this PR? If so, would you mind checking @euri10 's comments? 🙏

Jul 07 '22 19:07 Kludex

I switched from the approach in this PR to creating and injecting a fully configured SSLContext directly. Instead of maintaining code that wraps the SSLContext class like now, the alternative seems like a more maintainable approach.

Jul 29 '22 19:07 brussee

Load more than one ca_cert