Posted to commits@arrow.apache.org by tu...@apache.org on 2023/01/25 09:46:25 UTC
[arrow-rs] branch master updated: Add ClientOption.allow_insecure (#3600)
This is an automated email from the ASF dual-hosted git repository.
tustvold pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/arrow-rs.git
The following commit(s) were added to refs/heads/master by this push:
new 98d35d3e4 Add ClientOption.allow_insecure (#3600)
98d35d3e4 is described below
commit 98d35d3e4351e12fcd6d882a8cb8670c90c770f8
Author: Daniel Poelzleithner <gi...@poelzi.org>
AuthorDate: Wed Jan 25 10:46:19 2023 +0100
Add ClientOption.allow_insecure (#3600)
* Add ClientOption.allow_insecure
Add option to allow insecure https connections.
In local isolated test environments, it is normal to use self-signed, local
certificates for automated integration testing.
* clarify with_allow_invalid_certificates
Co-authored-by: Raphael Taylor-Davies <17...@users.noreply.github.com>
Co-authored-by: Raphael Taylor-Davies <17...@users.noreply.github.com>
---
object_store/src/client/mod.rs | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/object_store/src/client/mod.rs b/object_store/src/client/mod.rs
index f07377e98..d019e8119 100644
--- a/object_store/src/client/mod.rs
+++ b/object_store/src/client/mod.rs
@@ -52,6 +52,7 @@ pub struct ClientOptions {
default_headers: Option<HeaderMap>,
proxy_url: Option<String>,
allow_http: bool,
+ allow_insecure: bool,
timeout: Option<Duration>,
connect_timeout: Option<Duration>,
pool_idle_timeout: Option<Duration>,
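Review bot: The new field `allow_insecure` is named more broadly than what it controls, and it sits directly under `allow_http`, which is also an "insecure" switch, so a reader of the struct cannot tell the two apart. The setter added in the next hunk is called `with_allow_invalid_certificates`; naming the field to match, `allow_invalid_certificates: bool,`, with a one-line comment such as `// Skip TLS certificate validation (testing only)`, would keep the struct, the setter's parameter and the check in the client-building hunk consistent. The struct body starts and ends outside this hunk.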
@@ -106,6 +107,21 @@ impl ClientOptions {
self.allow_http = allow_http;
self
}
+ /// Allows connections to invalid SSL certificates
+ /// * false (default): Only valid HTTPS certificates are allowed
+ /// * true: All HTTPS certificates are allowed
+ ///
+ /// # Warning
+ ///
+ /// You should think very carefully before using this method. If
+ /// invalid certificates are trusted, *any* certificate for *any* site
+ /// will be trusted for use. This includes expired certificates. This
+ /// introduces significant vulnerabilities, and should only be used
+ /// as a last resort or for testing
+ pub fn with_allow_invalid_certificates(mut self, allow_insecure: bool) -> Self {
+ self.allow_insecure = allow_insecure;
+ self
+ }
/// Only use http1 connections
pub fn with_http1_only(mut self) -> Self {
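Review bot: The doc comment on `with_allow_invalid_certificates` says which certificates get accepted but not which protection is lost, and its first line ("Allows connections to invalid SSL certificates") reads ambiguously. I would open it with `/// Disables TLS certificate validation for HTTPS connections` and add one sentence to the warning stating that with validation off the server is no longer authenticated, so any party on the network path can present its own certificate and receive the credentials and data the client sends. It would also help to say that this setting is independent of `with_allow_http`. No option for trusting a specific test CA is visible in this hunk; if one exists or is added, the doc should point to it as the narrower choice for self-signed test certificates. The `impl ClientOptions` block and the body of `with_http1_only` continue outside the hunk.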
@@ -259,6 +275,10 @@ impl ClientOptions {
builder = builder.http2_prior_knowledge()
}
+ if self.allow_insecure {
+ builder = builder.danger_accept_invalid_certs(self.allow_insecure)
+ }
+
builder
.https_only(!self.allow_http)
.build()
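Review bot: Nothing at this point records that certificate validation has been switched off, so a test configuration that reaches a production deployment leaves no trace. A warning-level log inside the `if self.allow_insecure` branch would make that detectable, using whatever logging facade the crate already has (none is visible in this hunk). Separately, the argument in `danger_accept_invalid_certs(self.allow_insecure)` is always `true` inside that branch; either pass `true` or drop the `if` and write `builder = builder.danger_accept_invalid_certs(self.allow_insecure);` unconditionally. The enclosing function starts and ends outside the hunk.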