
Feature: Allow custom verification of TLS certificates #107

@akneni

Is your feature request related to a problem?

I'm trying to host an instance of SurrealDB using a self-signed TLS certificate. However, I can't use the Python SDK to connect to this database since my TLS certificate will fail to be verified. It would be nice if the surrealdb.Surreal.__init__() constructor accepted an additional verify parameter that functioned similarly to the verify parameter in the requests.get() function.

Describe the solution

I haven't looked through the actual code base, so the solution will depend on how the connection is implemented. If the connections are occurring through Python requests, we could just pass off the verify keyword to the .get() or .post() function. If these connections are occurring through the reqwest library in Rust, we could just use the following configuration when building a client.

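use std::fs::File;
use std::io::Read;

// Disable certificate authentication (any certificate is accepted)
fn client_without_verification() -> reqwest::Result<reqwest::Client> {
	reqwest::ClientBuilder::new()
		.danger_accept_invalid_certs(true)
		.build()
}

// Or specify a certificate to trust as an additional root
fn client_with_certificate() -> Result<reqwest::Client, Box<dyn std::error::Error>> {
	let mut buf = Vec::new();
	File::open("path/to/tls_cert.crt")?.read_to_end(&mut buf)?;
	let cert = reqwest::Certificate::from_pem(&buf)?;
	let client = reqwest::Client::builder()
		.add_root_certificate(cert)
		.build()?;
	Ok(client)
}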

Alternative methods

Currently, the alternative I've resorted to is connecting to the database manually using HTTPS requests (handling TLS verification as necessary). This works just fine, but involves more boilerplate than is preferable. Another alternative I've considered is using wss instead of https, which would likely yield more performance improvements, but would also involve more manual configuration.

SurrealDB version

1.5.4 for linux on x86_64

surrealdb.py version

surrealdb.py 0.3.2 for debian linux on x86_64 using Python 3.12.2

Contact Details

akneni@gmail.com

Is there an existing issue for this?

  • I have searched the existing issues

Code of Conduct

  • I agree to follow this project's Code of Conduct
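
The following is an added example, not code from surrealdb.py or from the issue author. It sketches how a requests-style verify value could map onto Python's standard ssl.SSLContext. The names make_tls_context and https_opener are hypothetical, and nothing here reflects how the SDK actually opens its connections.

```python
import os
import ssl
import urllib.request


def make_tls_context(verify=True):
    """Map a requests-style `verify` value onto an ssl.SSLContext (hypothetical helper)."""
    if verify is True:
        # System trust store, with certificate and hostname checks enabled.
        return ssl.create_default_context()
    if verify is False:
        # Counterpart of danger_accept_invalid_certs(true): any certificate
        # is accepted, so the peer is not authenticated at all.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False  # must be cleared before verify_mode
        ctx.verify_mode = ssl.CERT_NONE
        return ctx
    if isinstance(verify, (str, os.PathLike)):
        path = os.fspath(verify)
        # Trust only the given PEM file (or directory of hashed certificates).
        # The system store is not loaded; CERT_REQUIRED and hostname checking
        # stay on, which PROTOCOL_TLS_CLIENT enables by default.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        if os.path.isdir(path):
            ctx.load_verify_locations(capath=path)
        else:
            ctx.load_verify_locations(cafile=path)
        return ctx
    raise TypeError("verify must be a bool or a path to a PEM certificate")


def https_opener(verify=True):
    """urllib opener whose HTTPS connections use the context built above."""
    handler = urllib.request.HTTPSHandler(context=make_tls_context(verify))
    return urllib.request.build_opener(handler)
```

Passing the path of the self-signed certificate keeps verification on while trusting only that certificate; the host name in the URL still has to match a name in the certificate.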
