9.8. Requests TLS Session¶
The RequestsTLS service provides means to instantiate a requests.Session object with TLS settings set with respect to plugin configuration.
New in version 1.3.0.
9.8.1. Configuration example¶
[tls]
# Set to 'no' to disable TLS completely
# Default is 'yes'
; enabled = yes
# Set this option to enable client side verification. Certificate from the
# server will be checked with this CA. If the value of the option is `$[<name>]`
# the certificates are retrieved from the trusted CA list configured on the SPS,
# identified by the name. When the certificate is given in the configuration, it
# should be in PEM format and all the new lines must be indented with one
# whitespace. If it is a chain, put the certificates right after each other.
; ca_cert = <ca-certificate-chain>
; ca_cert = $[<trusted_ca_list_name>]
# Client certificate, set this if verification is enabled on server side
# If the value of the option is `$` the certificate identified by the section
# and option pair is retrieved from the configured credential store. When the
# certificate and private key is given in the configuration it should be in
# PEM format and all the new lines must be indented with one whitespace. Note
# that encrypted keys are not supported.
; client_cert = <client-certificate-and-key>
9.8.2. Getting a Session object¶
After getting a session object, it can be used as a standard requests session to make API calls
from safeguard.sessions.plugin.requests_tls import RequestsTLS
class Plugin(PluginBase):
def hook(self):
requests_tls = RequestsTLS.from_config(self.plugin_configuration)
with requests_tls.open_session() as session:
session.get('https://httpbin.org')