9.8. Requests TLS Session¶
The RequestsTLS service provides means to instantiate a requests.Session object with TLS settings set with respect to plugin configuration.
New in version 1.3.0.
9.8.1. Configuration example¶
[tls]
# To disable TLS completely, enter no as the value of this parameter.
# Default is yes
; enabled = yes
# Configure this parameter to enable client-side verification. The certificate shown
# by the server will be checked with this CA.
# If the value of this parameter is $[<trusted-ca-list-name>], the certificates are
# retrieved from the trusted CA list configured on SPS, identified by the name.
# When the certificate is inserted into the configuration file, it must be in PEM
# format and all the new lines must be indented with one whitespace. If it is a chain,
# insert the certificates right after each other.
; ca_cert = <ca-certificate-chain>
; ca_cert = $[<trusted-ca-list-name>]
# Configure this parameter to enable server-side verification. If the value of this
# parameter is $, the certificate identified by the section and option pair is retrieved
# from the configured Credential Store. When the certificate is inserted into the
# configuration file, it must be in PEM format and all the new lines must be indented
# with one whitespace. Note that encrypted keys are not supported.
; client_cert = <client-certificate-and-key>
9.8.2. Getting a Session object¶
After getting a session object, it can be used as a standard requests session to make API calls
from safeguard.sessions.plugin.requests_tls import RequestsTLS
class Plugin(PluginBase):
def hook(self):
requests_tls = RequestsTLS.from_config(self.plugin_configuration)
with requests_tls.open_session() as session:
session.get('https://httpbin.org')