semantic-kernel icon indicating copy to clipboard operation
semantic-kernel copied to clipboard

Published 20 hours ago verified publisher icon microsoft

Allow Custom httpClientHandler

Open vincilee2 opened this issue 1 year ago • 7 comments

Context

I deployed my own LLM models on Azure OpenAI, the endpoint is a self-signed.

Issues Description

When I sent complete request to my self-signed endpoint, semantic kernel will return an error message:

Error: The SSL connection could not be established, see inner exception.

I tried to trace the inner exception at debugging mode, got:

The remote certificate is invalid because of errors in the certificate chain: RevocationStatusUnKnown"

Related Code

In OpenAIClientAbstract.cs:

    internal OpenAIClientAbstract(ILogger? log = null, IDelegatingHandlerFactory? handlerFactory = null)
    {
        this.Log = log ?? this.Log;
        this._handlerFactory = handlerFactory ?? new DefaultHttpRetryHandlerFactory();

        this._httpClientHandler = new() { CheckCertificateRevocationList = true };
        this._retryHandler = this._handlerFactory.Create(this.Log);
        this._retryHandler.InnerHandler = this._httpClientHandler;

        this.HTTPClient = new HttpClient(this._retryHandler);
        this.HTTPClient.DefaultRequestHeaders.Add("User-Agent", HTTPUseragent);
    }

this._httpClientHandler = new() { CheckCertificateRevocationList = true }; The default httpClientHandler is set to always check certificate RevocationList.

Feature Request

Allow pass customized httpClientHandler either from _handlerFactory or from kernelBuilder.

vincilee2 avatar Mar 21 '23 09:03 vincilee2

you can try passing a customized httpClientHandler to the OpenAIClientAbstract class either from _handlerFactory or from kernelBuilder.

clintonimaroo avatar Mar 21 '23 10:03 clintonimaroo

@clintonimaroo I was wondering if pass through _handlerFactory would work since this._retryHandler.InnerHandler will always use the default _httpClientHandler

this._httpClientHandler = new() { CheckCertificateRevocationList = true };
this._retryHandler = this._handlerFactory.Create(this.Log);
this._retryHandler.InnerHandler = this._httpClientHandler;

vincilee2 avatar Mar 21 '23 12:03 vincilee2

Yes, passing a customized HttpClientHandler through the _handlerFactory could work, but you'd have to change the OpenAIClientAbstract class to use the customized HttpClientHandler instead of the default _httpClientHandler.

clintonimaroo avatar Mar 21 '23 13:03 clintonimaroo

@lemillermicrosoft suggestions? we're improving the backend to allow this sort of scenarios, but maybe there's a workaround now without changing the code

dluc avatar Mar 22 '23 02:03 dluc

I don't think there is a workaround right now. I believe @SergeyMenshykh was looking at enabling similar with https://github.com/microsoft/semantic-kernel/pull/73 and could address this as part of that change potentially.

lemillermicrosoft avatar Mar 22 '23 02:03 lemillermicrosoft

@dluc Can you provide an update on this issue?

microsoftShannon avatar Apr 13 '23 21:04 microsoftShannon

since the release of 0.12 we might have the fundamentals for something like this, but only for OpenAI and Azure, not a global solution. We could provide a sample workaround, though it would not be the ideal code. @vincilee2 would a workaround suffice?

dluc avatar Apr 19 '23 06:04 dluc

This is now possible -- you can specify your own httpClient when instantiating adding the AI Connectors:

https://github.com/microsoft/semantic-kernel/blob/main/dotnet/src/Connectors/Connectors.AI.OpenAI/KernelConfigOpenAIExtensions.cs

For instance:

`IKernel kernel = Kernel.Builder .AddAzureTextCompletionService("deploymentName", "endpoint", "apikey", httpClient: myCustomHttpClient) .Build();

shawncal avatar May 09 '23 00:05 shawncal