Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AIOHTTPTransport default ssl cert validation add warning #530

Merged
merged 8 commits into from
Feb 18, 2025
Merged

AIOHTTPTransport default ssl cert validation add warning #530

merged 8 commits into from
Feb 18, 2025

Conversation

leszekhanusz
Copy link
Collaborator

@leszekhanusz leszekhanusz commented Feb 17, 2025
edited
Loading

Issue #529 reported that the AIOHTTPTransport did not validate ssl certificates by default.

This PR add tests for all transports to check the four possible cases using a self certificate:

  • By default, and if the ssl parameter is set to True, the validation should be made and fail.
  • if the ssl parameter is set to the self-certificate ssl context, the validation should be made and succeed.
  • if the ssl parameter is set to False, the validation should not be made and the request should succeed.

A new major version will be made to change this default behavior. In the meantime This PR will add a warning for AIOHTTPTransport for the default case to warn users.

Note that the tests also revealed that it was not possible to disable the certificate validation on the WebsocketsTransport. This should also be changed in the next major version.

@codecov Codecov
Copy link

codecov bot commented Feb 17, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (57ef910) to head (a79e330).
Report is 23 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff            @@
##            master      #530   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           30        30           
  Lines         3102      3144   +42     
=========================================
+ Hits          3102      3144   +42

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@leszekhanusz
Adding just a warning for now instead of changing the default
ab9bbc5
@leszekhanusz
Adding tests for HTTPXAsyncTransport
9589a43 
Adding explicitely verify as True in tests in addition to the default
behavior.

Adding tests with provided client certificate.
@leszekhanusz
Adding tests for the WebsocketsTransport
277e041 
It appears that it is not possible to disable ssl verification for this transport.
This could get fixed too in the next major version.
@leszekhanusz
Adding tests for PhoenixChannelWebsocketsTransport
819dbf9
@leszekhanusz
Adding tests for AIOHTTPWebsocketsTransport
c188759
@leszekhanusz
Fix httpx exception in test
a79e330
@leszekhanusz leszekhanusz changed the title AIOHTTPTransport default ssl cert validation set to True AIOHTTPTransport default ssl cert validation add warning Feb 18, 2025
@leszekhanusz leszekhanusz merged commit 68ae2e6 into graphql-python:master Feb 18, 2025
15 checks passed
@leszekhanusz leszekhanusz deleted the fix_aiohttp_default_ssl_cert_verify branch February 18, 2025 12:37
leszekhanusz added a commit to leszekhanusz/gql that referenced this pull request Feb 18, 2025
@leszekhanusz
Add the warning from PR graphql-python#530 in the stable branch
f14cff8
@leszekhanusz leszekhanusz mentioned this pull request Feb 18, 2025
Merged
leszekhanusz added a commit that referenced this pull request Feb 19, 2025
@leszekhanusz
Add the warning from PR #530 in the stable branch (#533)
740e988 
* Restrict graphql-core to <3.2.4 to fix tests
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mariuskava mariuskava mariuskava left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@leszekhanusz @mariuskava