Mei_Sheng_Textiles/nomad_mcp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔒 Fix SSL certificate verification in Gitea client

Browse Source 
Replace boolean SSL verification with certificate bundle usage to eliminate InsecureRequestWarning. Implements prioritized CA bundle detection from environment variables and project-local certificates.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Nicolas Koehl
2025-06-03 17:36:42 +07:00
parent a0fc5c2bb2
commit 7073d37c26
1 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
app/services/gitea_client.py
View File

@ -16,6 +16,22 @@ class GiteaClient:
self.api_base_url = os.getenv("GITEA_API_URL", "").rstrip("/") self.api_base_url = os.getenv("GITEA_API_URL", "").rstrip("/")
self.token = os.getenv("GITEA_API_TOKEN") self.token = os.getenv("GITEA_API_TOKEN")
self.username = os.getenv("GITEA_USERNAME") self.username = os.getenv("GITEA_USERNAME")
# Configure SSL verification with certificate bundle
ssl_cert_file = os.getenv("SSL_CERT_FILE")
requests_ca_bundle = os.getenv("REQUESTS_CA_BUNDLE")
# Use certificate bundle if available, otherwise fall back to boolean verification
if ssl_cert_file and os.path.exists(ssl_cert_file):
self.verify_ssl = ssl_cert_file
elif requests_ca_bundle and os.path.exists(requests_ca_bundle):
self.verify_ssl = requests_ca_bundle
else:
# Check for project-local certificate bundle
project_ca_bundle = os.path.join(os.path.dirname(os.path.dirname(os.path.dirname(__file__))), "certs", "mei_sheng_ca_bundle.pem")
if os.path.exists(project_ca_bundle):
self.verify_ssl = project_ca_bundle
else:
self.verify_ssl = os.getenv("GITEA_VERIFY_SSL", "true").lower() == "true" self.verify_ssl = os.getenv("GITEA_VERIFY_SSL", "true").lower() == "true"
if not self.api_base_url: if not self.api_base_url: