diff options
| author | Alexandre Flament <alex@al-f.net> | 2022-07-19 23:40:11 +0200 |
|---|---|---|
| committer | Alexandre FLAMENT <alexandre.flament@hesge.ch> | 2022-10-14 13:59:22 +0000 |
| commit | 32e8c2cf098ae59baae5672e70436e47299bec82 (patch) | |
| tree | 2b70a212b2ccc5e26e77690f8a766f6e573c3c77 /searx/network | |
| parent | 72f6367e2323b2c57b2bb479dbadccd5b690a986 (diff) | |
| download | searxng-32e8c2cf098ae59baae5672e70436e47299bec82.tar.gz searxng-32e8c2cf098ae59baae5672e70436e47299bec82.zip | |
searx.network: add "verify" option to the networks
Each network can define a verify option:
* false to disable certificate verification
* a path to existing certificate.
SearXNG uses SSL_CERT_FILE and SSL_CERT_DIR when they are defined
see https://www.python-httpx.org/environment_variables/#ssl_cert_file
Diffstat (limited to 'searx/network')
| -rw-r--r-- | searx/network/client.py | 9 | ||||
| -rw-r--r-- | searx/network/network.py | 2 |
2 files changed, 3 insertions, 8 deletions
diff --git a/searx/network/client.py b/searx/network/client.py index 11086dd33..f25aaf9ab 100644 --- a/searx/network/client.py +++ b/searx/network/client.py @@ -26,9 +26,6 @@ else: logger = logger.getChild('searx.network.client') LOOP = None SSLCONTEXTS: Dict[Any, SSLContext] = {} -TRANSPORT_KWARGS = { - 'trust_env': False, -} def get_sslcontexts(proxy_url=None, cert=None, verify=True, trust_env=True, http2=False): @@ -74,7 +71,7 @@ def get_transport_for_socks_proxy(verify, http2, local_address, proxy_url, limit rdns = True proxy_type, proxy_host, proxy_port, proxy_username, proxy_password = parse_proxy_url(proxy_url) - verify = get_sslcontexts(proxy_url, None, True, False, http2) if verify is True else verify + verify = get_sslcontexts(proxy_url, None, verify, True, http2) if verify is True else verify return AsyncProxyTransportFixed( proxy_type=proxy_type, proxy_host=proxy_host, @@ -88,12 +85,11 @@ def get_transport_for_socks_proxy(verify, http2, local_address, proxy_url, limit local_address=local_address, limits=limit, retries=retries, - **TRANSPORT_KWARGS, ) def get_transport(verify, http2, local_address, proxy_url, limit, retries): - verify = get_sslcontexts(None, None, True, False, http2) if verify is True else verify + verify = get_sslcontexts(None, None, verify, True, http2) if verify is True else verify return httpx.AsyncHTTPTransport( # pylint: disable=protected-access verify=verify, @@ -102,7 +98,6 @@ def get_transport(verify, http2, local_address, proxy_url, limit, retries): proxy=httpx._config.Proxy(proxy_url) if proxy_url else None, local_address=local_address, retries=retries, - **TRANSPORT_KWARGS, ) diff --git a/searx/network/network.py b/searx/network/network.py index 677a908bf..87c077f23 100644 --- a/searx/network/network.py +++ b/searx/network/network.py @@ -334,7 +334,7 @@ def initialize(settings_engines=None, settings_outgoing=None): # see https://github.com/encode/httpx/blob/e05a5372eb6172287458b37447c30f650047e1b8/httpx/_transports/default.py#L108-L121 # pylint: disable=line-too-long default_params = { 'enable_http': False, - 'verify': True, + 'verify': settings_outgoing['verify'], 'enable_http2': settings_outgoing['enable_http2'], 'max_connections': settings_outgoing['pool_connections'], 'max_keepalive_connections': settings_outgoing['pool_maxsize'], |