🔒 Fix SSL certificate verification in Gitea client
Replace boolean SSL verification with certificate bundle usage to eliminate InsecureRequestWarning. Implements prioritized CA bundle detection from environment variables and project-local certificates. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
@ -16,7 +16,23 @@ class GiteaClient:
|
||||
self.api_base_url = os.getenv("GITEA_API_URL", "").rstrip("/")
|
||||
self.token = os.getenv("GITEA_API_TOKEN")
|
||||
self.username = os.getenv("GITEA_USERNAME")
|
||||
self.verify_ssl = os.getenv("GITEA_VERIFY_SSL", "true").lower() == "true"
|
||||
|
||||
# Configure SSL verification with certificate bundle
|
||||
ssl_cert_file = os.getenv("SSL_CERT_FILE")
|
||||
requests_ca_bundle = os.getenv("REQUESTS_CA_BUNDLE")
|
||||
|
||||
# Use certificate bundle if available, otherwise fall back to boolean verification
|
||||
if ssl_cert_file and os.path.exists(ssl_cert_file):
|
||||
self.verify_ssl = ssl_cert_file
|
||||
elif requests_ca_bundle and os.path.exists(requests_ca_bundle):
|
||||
self.verify_ssl = requests_ca_bundle
|
||||
else:
|
||||
# Check for project-local certificate bundle
|
||||
project_ca_bundle = os.path.join(os.path.dirname(os.path.dirname(os.path.dirname(__file__))), "certs", "mei_sheng_ca_bundle.pem")
|
||||
if os.path.exists(project_ca_bundle):
|
||||
self.verify_ssl = project_ca_bundle
|
||||
else:
|
||||
self.verify_ssl = os.getenv("GITEA_VERIFY_SSL", "true").lower() == "true"
|
||||
|
||||
if not self.api_base_url:
|
||||
logger.warning("GITEA_API_URL is not configured. Gitea integration will not work.")
|
||||
|
Reference in New Issue
Block a user