[
https://issues.apache.org/jira/browse/AIRFLOW-2421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16815378#comment-16815378
]
ASF GitHub Bot commented on AIRFLOW-2421:
-----------------------------------------
ashb commented on pull request #4855: [AIRFLOW-2421] - HTTPHook set verify True by default
URL: https://github.com/apache/airflow/pull/4855
> HTTPHook and SimpleHTTPOperator do not verify certificates by default
> ---------------------------------------------------------------------
>
> Key: AIRFLOW-2421
> URL: https://issues.apache.org/jira/browse/AIRFLOW-2421
> Project: Apache Airflow
> Issue Type: Bug
> Components: hooks, security
> Affects Versions: 1.8.0
> Reporter: David Adrian
> Priority: Major
>
> To verify HTTPS certificates when using anything built with an HTTP hook, you
> have to explicitly pass the undocumented {{extra_options = \{"verify": True}}}.
> The offending line is at
> https://github.com/apache/incubator-airflow/blob/master/airflow/hooks/http_hook.py#L103.
> {code}
> response = session.send(
>     <snip>
>     verify=extra_options.get("verify", False),
>     <snip>
> )
> {code}
> Not only is this the opposite default of what is expected, the necessary
> requirements to verify certificates (e.g. certifi) are already installed as
> part of Airflow. I haven't dug through all of the code yet, but I'm concerned
> that any other connections, operators or hooks built using HTTP hook don't
> pass this option in.
> Instead, the HTTP hook should default to {{verify=True}}.
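An added example, not part of the original message or of the Airflow code base: a small static check that walks Python source and reports calls whose `verify=` keyword is `False` or falls back to `False` through `.get("verify", False)`, the pattern quoted in the issue. The function name `find_unverified_calls` and the `SAMPLE` source are constructed for illustration.

```python
import ast

# Constructed sample source (not Airflow code) containing the patterns from the issue.
SAMPLE = '''
def run(session, req, extra_options):
    a = session.send(req, verify=extra_options.get("verify", False))
    b = session.send(req, verify=extra_options.get("verify", True))
    c = session.get("https://example.invalid", verify=False)
    d = session.get("https://example.invalid")
    return a, b, c, d
'''


def _is_false(node):
    # Identity check so that the integer 0 is not mistaken for False.
    return isinstance(node, ast.Constant) and node.value is False


def _defaults_to_false(node):
    """Match <mapping>.get("verify", False), the default the issue reports."""
    return (isinstance(node, ast.Call)
            and isinstance(node.func, ast.Attribute)
            and node.func.attr == "get"
            and len(node.args) == 2
            and isinstance(node.args[0], ast.Constant)
            and node.args[0].value == "verify"
            and _is_false(node.args[1]))


def find_unverified_calls(source):
    """Return sorted (line, reason) pairs for calls that disable verification."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            if kw.arg != "verify":
                continue
            if _is_false(kw.value):
                findings.append((node.lineno, "verify=False"))
            elif _defaults_to_false(kw.value):
                findings.append((node.lineno, "verify defaults to False"))
    return sorted(findings)


if __name__ == "__main__":
    for line, reason in find_unverified_calls(SAMPLE):
        print(f"line {line}: {reason}")
```

The reported line is where the call starts, so a call spread over several lines, as in the issue's snippet, is reported at its first line.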