Enable SSL without client verification #736
Conversation
|
|
Hi @rzvoncek |
There was a problem hiding this comment.
Hello @mohammad-aburadeh , I'm sorry to send this back to you, but I don't think the change is complete.
| @@ -74,15 +74,18 @@ def __init__(self, ip_addresses, config): | |||
| password=self._cassandra_config.cql_password) | |||
| self._auth_provider = auth_provider | |||
|
|
|||
| if self._cassandra_config.certfile is not None: | |||
| if ((self._cassandra_config.ssl is not None and evaluate_boolean(self._cassandra_config.ssl)) | |||
| or self._cassandra_config.certfile is not None): | |||
| ssl_context = SSLContext(PROTOCOL_TLSv1_2) | |||
There was a problem hiding this comment.
Hi @mohammad-aburadeh! Sorry for the delay, but I finally managed to find the time to look at this.
And I'm sorry to admit, but I don't quite understand what the proposed change is. If I'm reading this right, the new behaviour is that if the new ssl option is present and set to True, it'll just set the ssl_context variable ... and then do nothing else.
The line 88 is indented under the condition of certfile being present, which is basically the old behaviour.
Please, could you clarify what your intent was?
Support SSL connection when client verification is not required.
Description
This PR is to support SSL connection without cert files required. This is needed when "require_client_auth" is disabled in Cassandra configurations.
Status
Closes #563 and #543