Skip to content

[client] Add proxy certificate support for HTTPS connections (#12177) #1026

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: release/current
Choose a base branch
from
Open

[client] Add proxy certificate support for HTTPS connections (#12177) #1026

wants to merge 3 commits into from

Conversation

@maelv-filigran
Copy link

@maelv-filigran maelv-filigran commented Oct 29, 2025
edited
Loading

Proposed changes

  • Added automatic HTTPS proxy certificate handling in OpenCTI client-python
  • Implemented _setup_proxy_certificates() method that detects HTTPS_CA_CERTIFICATES environment variable and combines proxy certificates with system certificates
  • Added support for enterprise proxy environments by creating secure temporary certificate bundles
  • Configured SSL verification for both requests library and urllib through environment variables

Related issues

  • Resolves proxy connectivity issues for Python connectors in enterprise environments
  • Generalizes the connector proxy certificate fix to benefit all Python-based connectors
  • OCTI #12177

Checklist

  • I consider the submitted work as finished
  • I tested the code for its functionality
  • I wrote test cases for the relevant uses case
  • I added/update the relevant documentation (either on github or on notion)
  • Where necessary I refactored code to improve the overall quality

Further comments

This implementation provides a centralized solution for HTTPS proxy certificate handling in enterprise environments. The solution:

  • Zero Configuration: Automatically activates when HTTPS_CA_CERTIFICATES environment variable is provided
  • Enterprise Ready: Combines proxy certificates with system certificates from multiple Linux distributions (Debian/Ubuntu, RHEL/CentOS, Alpine/BSD)
  • Backwards Compatible: No impact on existing configurations
  • Secure: Uses temporary directories with proper permissions and graceful error handling
  • Universal: Benefits all Python connectors automatically without individual modifications

@maelv-filigran maelv-filigran mentioned this pull request Oct 29, 2025
Closed
5 tasks
@maelv-filigran maelv-filigran marked this pull request as draft October 29, 2025 11:09
@maelv-filigran maelv-filigran changed the title Opencti/issue/12177 [client] Add proxy certificate support for HTTPS connections (#12177) Oct 29, 2025
@maelv-filigran maelv-filigran self-assigned this Oct 29, 2025
@maelv-filigran maelv-filigran added the filigran team use to identify PR from the Filigran team label Oct 29, 2025
@maelv-filigran maelv-filigran marked this pull request as ready for review October 29, 2025 11:24
@maelv-filigran maelv-filigran changed the base branch from master to release/current October 29, 2025 13:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JeremyCloarec JeremyCloarec Awaiting requested review from JeremyCloarec

Assignees

@maelv-filigran maelv-filigran

Labels

filigran team use to identify PR from the Filigran team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@maelv-filigran