From 7073d37c260ec2b9e627435666d69644b5686950 Mon Sep 17 00:00:00 2001 From: Nicolas Koehl Date: Tue, 3 Jun 2025 17:36:42 +0700 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=20Fix=20SSL=20certificate=20verifi?= =?UTF-8?q?cation=20in=20Gitea=20client?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace boolean SSL verification with certificate bundle usage to eliminate InsecureRequestWarning. Implements prioritized CA bundle detection from environment variables and project-local certificates. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- app/services/gitea_client.py | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/app/services/gitea_client.py b/app/services/gitea_client.py index 66b5d19..b0c3dab 100644 --- a/app/services/gitea_client.py +++ b/app/services/gitea_client.py @@ -16,7 +16,23 @@ class GiteaClient: self.api_base_url = os.getenv("GITEA_API_URL", "").rstrip("/") self.token = os.getenv("GITEA_API_TOKEN") self.username = os.getenv("GITEA_USERNAME") - self.verify_ssl = os.getenv("GITEA_VERIFY_SSL", "true").lower() == "true" + + # Configure SSL verification with certificate bundle + ssl_cert_file = os.getenv("SSL_CERT_FILE") + requests_ca_bundle = os.getenv("REQUESTS_CA_BUNDLE") + + # Use certificate bundle if available, otherwise fall back to boolean verification + if ssl_cert_file and os.path.exists(ssl_cert_file): + self.verify_ssl = ssl_cert_file + elif requests_ca_bundle and os.path.exists(requests_ca_bundle): + self.verify_ssl = requests_ca_bundle + else: + # Check for project-local certificate bundle + project_ca_bundle = os.path.join(os.path.dirname(os.path.dirname(os.path.dirname(__file__))), "certs", "mei_sheng_ca_bundle.pem") + if os.path.exists(project_ca_bundle): + self.verify_ssl = project_ca_bundle + else: + self.verify_ssl = os.getenv("GITEA_VERIFY_SSL", "true").lower() == "true" if not self.api_base_url: logger.warning("GITEA_API_URL is not configured. Gitea integration will not work.")