diff --git a/arango/client.py b/arango/client.py index 75f32539..f7a47171 100644 --- a/arango/client.py +++ b/arango/client.py @@ -45,6 +45,8 @@ class ArangoClient: the de-serialized object. If not given, ``json.loads`` is used by default. :type deserializer: callable + :param verify_certificate: Verify TLS certificates. + :type verify_certificate: bool """ def __init__( @@ -55,6 +57,7 @@ def __init__( http_client: Optional[HTTPClient] = None, serializer: Callable[..., str] = lambda x: dumps(x), deserializer: Callable[[str], Any] = lambda x: loads(x), + verify_certificate: bool = True, ) -> None: if isinstance(hosts, str): self._hosts = [host.strip("/") for host in hosts.split(",")] @@ -76,6 +79,10 @@ def __init__( self._deserializer = deserializer self._sessions = [self._http.create_session(h) for h in self._hosts] + # set flag for SSL/TLS certificate verification + for session in self._sessions: + session.verify = verify_certificate + def __repr__(self) -> str: return f"" @@ -110,6 +117,7 @@ def db( verify: bool = False, auth_method: str = "basic", superuser_token: Optional[str] = None, + verify_certificate: bool = True, ) -> StandardDatabase: """Connect to an ArangoDB database and return the database API wrapper. @@ -130,6 +138,8 @@ def db( If set, parameters **username**, **password** and **auth_method** are ignored. This token is not refreshed automatically. :type superuser_token: str + :param verify_certificate: Verify TLS certificates. + :type verify_certificate: bool :return: Standard database API wrapper. :rtype: arango.database.StandardDatabase :raise arango.exceptions.ServerConnectionError: If **verify** was set diff --git a/docs/certificates.rst b/docs/certificates.rst new file mode 100644 index 00000000..5dde7191 --- /dev/null +++ b/docs/certificates.rst 
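Review bot: The loop `session.verify = verify_certificate` in `__init__` takes only a bool, so a deployment with a self-signed or private-CA server has no choice but to switch verification off completely. `requests` also accepts a CA bundle path for `verify`, so widening the parameter to `verify_certificate: Union[bool, str] = True` would let such users keep verification against their own CA. The assignment is made on whatever `create_session` returns; with a custom `http_client` that may not be a `requests.Session`, in which case the flag is presumably ignored silently, which is worth stating in the docstring. The new docs/certificates.rst also calls the option `verify_certificates`, while the parameter is `verify_certificate`. `__init__` starts and ends outside this hunk.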
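Review bot: `db()` gains `verify_certificate: bool = True` in its signature and docstring, but no hunk in this diff uses it in the body, so as far as the diff shows the argument has no effect. A caller could reasonably assume that `db(..., verify_certificate=True)` re-enables verification on a client built with `verify_certificate=False`, when the sessions were already configured in `__init__`. Either drop the parameter from `db()` or document that only the client-level setting applies. If the body outside the hunk does apply it to `self._sessions`, note that those sessions are shared, so the change would affect every database opened from this client.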
@@ -0,0 +1,30 @@
+TLS certificate verification
+----------------------------
+
+When connecting against a server using an https/TLS connection, TLS certificates
+are verified by default.
+By default, self-signed certificates will cause trouble when connecting.
+
+.. code-block:: python
+
+ client = ArangoClient(hosts="https://localhost:8529")
+
+In order to make connections work even when using self-signed certificates, the
+`verify_certificates` option can be disabled when creating the `ArangoClient`
+instance:
+
+.. code-block:: python
+
+ client = ArangoClient(hosts="https://localhost:8529", verify_certificate=False)
+
+This will allow connecting, but the underlying `urllib3` library may still issue
+warnings due to the insecurity of using self-signed certificates.
+
+To turn off these warnings as well, you can add the following code to your client
+application:
+
+.. code-block:: python
+
+ import requests
+ requests.packages.urllib3.disable_warnings()
+