On 10 Nov 2017, at 15:31, Ioannis Kakavas <ikakavas at protonmail.com> wrote:
> It uses oic.oauth2.Client internally ( https://github.com/OpenIDC/pyoidc/blob/master/src/oic/oauth2/__init__.py#L1… ) and I see verify_ssl default value is True so my guess is that certificates are (attempted to be) verified but ca_certs is None so it doesn't know what to verify it against (doesn't know of any CAs).
Not completely true. If ca_certs is None then the system CA certs are used. You should only need to set ca_certs if your root CA is not in the global list of accepted CAs or when some intermediates might be missing.

Missing intermediates have bitten me a couple of times.
> We could pass this as a parameter in the OIDC frontend or change pyoidc to look for the system cacerts if it doesn't know of any.
It does look for and use system ca certs.
> I have a long flight next week and I could look into this if you make an issue out of it in Github.
>
> Ioannis
> -------- Original Message --------
> Subject: Re: [satosa-users] how to get certificate verification on backend calls
> Local Time: November 9, 2017 6:55 PM
> UTC Time: November 9, 2017 4:55 PM
> From: fox at washington.edu
> To: Scott Koranda <skoranda at gmail.com>
> satosa-users at lists.sunet.se
>
> How can I get the HTTPS GETs on the backend processes to verify certificates?
>
> Are you asking how you can get SATOSA to use TLS trust for remote SAML metadata that it needs to pull down?
>
> No, I mean the requests to a social OIDC OP, e.g. Google, to the token or userinfo endpoint. With those I'm getting an InsecureRequestWarning from urllib3.
Yeah, you will see this if verify_ssl is set to False, which is a MUST to get anything working in some environments.
As long as you know what you’re doing you can ignore this warning :-)
Jim
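The "missing intermediates" case discussed above is easy to reproduce without any network access. The script below is an added example, not code from this thread, from pyoidc or from SATOSA: it builds a throw-away root -> intermediate -> leaf chain with the openssl CLI (the CA names and the hostname op.example.test are made up) and then verifies the leaf against different trust bundles, the way a client with verify_ssl=True would. A CA bundle handed to a requests-style `verify=<path>` argument replaces the default trust store, so when the OP does not send its intermediate in the TLS handshake, that intermediate has to be in the bundle you pass as ca_certs; the warning-free fix is a complete bundle, not verify_ssl=False, which skips the chain check entirely (that is what urllib3's InsecureRequestWarning flags).

```shell
#!/bin/sh
# Added example (not from the thread, pyoidc or SATOSA): reproduce the
# "missing intermediate" failure a ca_certs bundle has to cover. All names and
# the hostname op.example.test are constructed for this demo.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# new_key_and_csr NAME SUBJECT : fresh RSA key plus a CSR for SUBJECT
new_key_and_csr() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" >/dev/null 2>&1
}

# make_chain : self-signed root CA, intermediate CA signed by the root,
# leaf (the OP's server cert) signed by the intermediate
make_chain() {
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$WORK/ca.ext"
    new_key_and_csr root "/CN=Example Root CA"
    openssl x509 -req -sha256 -days 1 -in "$WORK/root.csr" -signkey "$WORK/root.key" \
        -extfile "$WORK/ca.ext" -out "$WORK/root.pem" >/dev/null 2>&1

    new_key_and_csr int "/CN=Example Intermediate CA"
    openssl x509 -req -sha256 -days 1 -in "$WORK/int.csr" \
        -CA "$WORK/root.pem" -CAkey "$WORK/root.key" -CAcreateserial \
        -extfile "$WORK/ca.ext" -out "$WORK/int.pem" >/dev/null 2>&1

    new_key_and_csr leaf "/CN=op.example.test"
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:op.example.test\n' > "$WORK/leaf.ext"
    openssl x509 -req -sha256 -days 1 -in "$WORK/leaf.csr" \
        -CA "$WORK/int.pem" -CAkey "$WORK/int.key" -CAcreateserial \
        -extfile "$WORK/leaf.ext" -out "$WORK/leaf.pem" >/dev/null 2>&1

    # The bundle an operator would point ca_certs at when the OP omits its intermediate
    cat "$WORK/root.pem" "$WORK/int.pem" > "$WORK/bundle.pem"
}

# verify_leaf BUNDLE [SENT_BY_SERVER] : returns 0 if leaf.pem chains to BUNDLE.
# SENT_BY_SERVER is treated as an untrusted intermediate, i.e. what a TLS server
# that sends its full chain hands the client during the handshake.
verify_leaf() {
    if [ -n "$2" ]; then
        openssl verify -CAfile "$1" -untrusted "$2" "$WORK/leaf.pem" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1" "$WORK/leaf.pem" >/dev/null 2>&1
    fi
}

# run_demo : exercises the three cases; returns 0 only if all behave as expected
run_demo() {
    make_chain
    # Root only and the server sends just the leaf: "unable to get local issuer certificate"
    if verify_leaf "$WORK/root.pem"; then
        echo "root only, no intermediate sent: OK (unexpected)"; return 1
    fi
    echo "root only, no intermediate sent: FAIL (expected)"
    # Root only but the server sends the intermediate too: verification succeeds
    verify_leaf "$WORK/root.pem" "$WORK/int.pem" || return 1
    echo "root only, intermediate sent by server: OK"
    # Bundle carrying the intermediate: succeeds even though the server omitted it
    verify_leaf "$WORK/bundle.pem" || return 1
    echo "root+intermediate bundle, no intermediate sent: OK"
    return 0
}

run_demo
```

The first case is exactly the failure behind "missing intermediates has bitten me": the leaf is fine, the root is trusted, but nothing links the two. Checking a live OP is the same command with the bundle you intend to configure: `openssl s_client -connect host:443 -showcerts` shows what the server actually sends, and `openssl verify -CAfile bundle.pem leaf.pem` tells you whether that bundle is complete on its own.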
satosa-users mailing list
satosa-users at lists.sunet.se
https://lists.sunet.se/listinfo/satosa-users