Feature: Allow custom verification of TLS certificates #107

Open
2 tasks done
akneni opened this issue Aug 5, 2024 · 0 comments

akneni commented Aug 5, 2024

Is your feature request related to a problem?

I'm trying to host an instance of SurrealDB using a self-signed TLS certificate. However, I can't use the Python SDK to connect to this database since my TLS certificate will fail to be verified. It would be nice if the surrealdb.Surreal.__init__() constructor accepted an additional verify parameter that functioned similarly to the verify parameter in the requests.get() function.

Describe the solution

I haven't looked through the actual code base, so the solution will depend on how the connections are implemented. If the connections are occurring through Python requests, we could just pass off the verify keyword to the .get() or .post() function. If these connections are occurring through the reqwest library in Rust, we could just use the following configuration when building a client.

use std::{fs::File, io::Read};
use reqwest::ClientBuilder;

// Disable certificate verification (any certificate is accepted)
let client = ClientBuilder::new()
	.danger_accept_invalid_certs(true)
	.build()?;

// Or specify a certificate to trust as an additional root
let mut buf = Vec::new();
File::open("path/to/tls_cert.crt").unwrap()
	.read_to_end(&mut buf).unwrap();
let cert = reqwest::Certificate::from_pem(&buf).unwrap();
let client = reqwest::Client::builder()
	.add_root_certificate(cert)
	.build()
	.unwrap();

Alternative methods

Currently, the alternative I've resorted to is connecting to the database manually using HTTPS requests (handling TLS verification as necessary). This works just fine, but involves more boilerplate than is preferable. Another alternative I've considered is using wss instead of https, which would likely yield more performance improvements but would also involve more manual configuration.

SurrealDB version

1.5.4 for linux on x86_64

surrealdb.py version

surrealdb.py 0.3.2 for debian linux on x86_64 using Python 3.12.2

Contact Details

[email protected]

Is there an existing issue for this?

  • I have searched the existing issues

Code of Conduct

  • I agree to follow this project's Code of Conduct
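
An added example, not part of the issue above and not surrealdb.py code: one way a requests-style `verify` value could be mapped onto a standard-library `ssl.SSLContext`, which can then be handed to an HTTPS or WSS client. The names `build_ssl_context` and `fetch` are hypothetical, and the certificate path is whatever PEM file the operator exported from the server.

```python
import os
import ssl
import urllib.request
from typing import Union

Verify = Union[bool, str, os.PathLike]


def build_ssl_context(verify: Verify = True) -> ssl.SSLContext:
    """Translate a requests-style `verify` value into an SSLContext (hypothetical helper)."""
    if verify is True:
        # Default policy: system trust store, chain and hostname both checked.
        return ssl.create_default_context()
    if verify is False:
        # Same effect as danger_accept_invalid_certs(true): the channel is
        # encrypted but the peer is not authenticated, so any on-path host
        # can present its own certificate and be accepted.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False  # must be cleared before CERT_NONE is allowed
        ctx.verify_mode = ssl.CERT_NONE
        return ctx
    if isinstance(verify, (str, os.PathLike)):
        # Trust only the given PEM file (a private CA bundle or the self-signed
        # certificate itself). Stricter than add_root_certificate(): the system
        # roots are not loaded. Hostname checking stays on, so the certificate
        # must list the server's name or IP in its subjectAltName.
        return ssl.create_default_context(cafile=os.fspath(verify))
    raise TypeError("verify must be True, False, or a path to a PEM file")


def fetch(url: str, verify: Verify = True, timeout: float = 10.0) -> bytes:
    """GET `url` over HTTPS using the chosen verification policy."""
    ctx = build_ssl_context(verify)
    with urllib.request.urlopen(url, context=ctx, timeout=timeout) as resp:
        return resp.read()
```

Passing the certificate path keeps the server authenticated; `verify=False` is only comparable to the first Rust snippet and removes that guarantee.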