Stop providing a hardcoded CA bundle by maxbelanger · Pull Request #489 · dropbox/dropbox-sdk-python · GitHub

Stop providing a hardcoded CA bundle #489

Merged
maxbelanger merged 9 commits into main from remove-pinning on May 9, 2024

Conversation

@maxbelanger maxbelanger commented May 6, 2024

Contributor

The SDK no longer provides a CA bundle to verify SSL connections. This also allows us to remove the runtime dependency on pkg_resources and thus setuptools.

The ca_certs parameter is still supported, so users can pin with their own CA bundle if they so choose. Otherwise, the default verification mechanism in the requests library now applies (this uses certifi and/or system certificates, depending on the configuration).

Improves integration tests to cover both scenarios (i.e. when a bundle is provided, and when one isn't).

Checklist

General Contributing

  • Have you read the Code of Conduct and signed the CLA?

Is This a Code Change?

  • SDK Code Change
  • Example/Test Code Change

Validation

  • Does tox pass?
  • Do the tests pass?
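The description above says the SDK keeps honouring an explicit `ca_certs` path and otherwise defers to the default verification that `requests` performs. The following is an added example, not code from this PR or from the Dropbox SDK: a small helper that mirrors the precedence `requests` documents for its `verify` setting (explicit bundle, then the `REQUESTS_CA_BUNDLE` and `CURL_CA_BUNDLE` environment variables, then the bundle shipped by certifi) and sanity-checks whichever bundle wins, so an operator can confirm which trust store a client is really using before and after upgrading. The function names, the constructed two-certificate PEM and the environment lookup are this example's own; the only fact taken from the page is that a `ca_certs` parameter exists.

```python
"""Which CA bundle will a requests-based client actually trust?

Added example, not SDK code.  The precedence below is the one requests
applies with trust_env=True (its default); the sample bundle is constructed.
"""
import os
import tempfile
from pathlib import Path
from typing import Mapping, Optional, Tuple, Union

# Constructed two-certificate PEM bundle for the demo.  The base64 bodies are
# placeholders, not real certificates, so only the PEM framing is meaningful.
CONSTRUCTED_BUNDLE = (
    "-----BEGIN CERTIFICATE-----\n"
    "MIIBconstructedRootOne\n"
    "-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\n"
    "MIIBconstructedRootTwo\n"
    "-----END CERTIFICATE-----\n"
)

Verify = Union[bool, str]


def resolve_verify(ca_certs: Optional[str],
                   env: Mapping[str, str],
                   certifi_bundle: Optional[str]) -> Tuple[str, Verify]:
    """Return (source, verify) the way requests resolves its verify argument.

    1. An explicit bundle path (what the SDK's ca_certs parameter supplies)
       always wins.
    2. Otherwise requests reads REQUESTS_CA_BUNDLE, then CURL_CA_BUNDLE.
    3. Otherwise verify=True, which requests maps to the certifi bundle;
       it is passed in as certifi_bundle so this example runs without certifi.
    """
    if ca_certs:
        return "explicit", ca_certs
    for var in ("REQUESTS_CA_BUNDLE", "CURL_CA_BUNDLE"):
        path = env.get(var)
        if path:
            return var, path
    if certifi_bundle:
        return "certifi", certifi_bundle
    return "default", True


def count_pem_certs(bundle_path: str) -> int:
    """Count certificates in a PEM bundle file and reject a malformed one.

    A missing file raises FileNotFoundError, the same condition requests
    reports as an invalid CA bundle path.  requests also accepts a directory
    (used as an OpenSSL capath); that case is not handled here.
    """
    text = Path(bundle_path).read_text(encoding="ascii", errors="replace")
    begins = text.count("-----BEGIN CERTIFICATE-----")
    ends = text.count("-----END CERTIFICATE-----")
    if begins == 0 or begins != ends:
        raise ValueError(f"{bundle_path}: not a PEM certificate bundle")
    return begins


def describe_trust_store(ca_certs: Optional[str], env: Mapping[str, str],
                         certifi_bundle: Optional[str]) -> dict:
    """Resolve the bundle and report how many anchors it contains."""
    source, verify = resolve_verify(ca_certs, env, certifi_bundle)
    count = count_pem_certs(verify) if isinstance(verify, str) else None
    return {"source": source, "verify": verify, "cert_count": count}


def write_demo_bundle() -> str:
    """Write the constructed bundle to a temp file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".pem")
    with os.fdopen(fd, "w") as fh:
        fh.write(CONSTRUCTED_BUNDLE)
    return path


if __name__ == "__main__":
    try:
        import certifi  # optional: shows the real default if installed
        default_bundle = certifi.where()
    except ImportError:
        default_bundle = None
    pinned = write_demo_bundle()
    # 1. Caller pins its own bundle (ca_certs=...): that file is used.
    print(describe_trust_store(pinned, os.environ, default_bundle))
    # 2. No ca_certs, but the environment redirects requests to a bundle.
    print(describe_trust_store(None, {"REQUESTS_CA_BUNDLE": pinned}, None))
    # 3. Neither: requests falls back to its shipped default store.
    print(describe_trust_store(None, {}, default_bundle))
```

Run it with and without `REQUESTS_CA_BUNDLE` set to see the source flip; a zero or unexpected `cert_count` for the winning path is the signal that a deployment is trusting a different store than intended.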

@maxbelanger maxbelanger changed the title Remove certificate pinning from the SDK Don't use certificate pinning by default May 7, 2024
@maxbelanger maxbelanger changed the title Don't use certificate pinning by default Remove SDK-provided CA cert pinning May 7, 2024
Comment thread dropbox/dropbox_client.py
@maxbelanger maxbelanger requested review from greg-db and sderickson May 7, 2024 06:42
@maxbelanger maxbelanger marked this pull request as ready for review May 7, 2024 06:42

@sderickson sderickson left a comment

Contributor


Looks good, thanks Max!

@codecov

codecov Bot commented May 8, 2024


@maxbelanger maxbelanger changed the title Remove SDK-provided CA cert pinning Stop providing a hardcoded CA bundle May 9, 2024

@april april left a comment


Just a few minor changes

Comment thread dropbox/session.py
Comment thread test/integration/test_dropbox.py


Can we remove these comments, or is the intention to fix this?

Contributor Author


The intention is to fix this in a future PR. This is also not technically introduced in this PR, I've just moved this test out of the class.

