Updated docs for secure channels

Vladimir Magamedov 2023-10-02 19:26:03 +03:00
parent c2dd5fd8ba
commit 637d751434
2 changed files with 21 additions and 3 deletions

@ -59,13 +59,31 @@ Here is how to establish a secure connection to a public gRPC server:
In this case ``grpclib`` uses system CA certificates. But ``grpclib`` has also
a built-in support for a certifi_ package which contains actual Mozilla's
collection of CA certificates. All you need is to install it and keep it
updated -- this is a more favorable way than relying on system CA certificates:
collection of CA certificates. All you need is to install it and keep it up to
date -- this is a more favorable way than relying on system CA certificates:
.. code-block:: console
$ pip3 install certifi
Another way to tell which CA certificates to use is by using
:py:func:`python:ssl.get_default_verify_paths` function:
.. code-block:: python
channel = Channel(host, port, ssl=ssl.get_default_verify_paths())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This function also supports reading ``SSL_CERT_FILE`` and ``SSL_CERT_DIR``
environment variables to override your system defaults. It returns
``DefaultVerifyPaths`` named tuple structure which you can customize and provide
your own ``cafile`` and ``capath`` values without using environment variables or
placing certificates into a distribution-specific directory:
.. code-block:: python3
ssl.get_default_verify_paths()._replace(cafile=YOUR_CA_FILE)
``grpclib`` also allows you to use a custom SSL configuration by providing a
:py:class:`~python:ssl.SSLContext` object. We have a simple mTLS auth example
in our code repository to illustrate how this works.
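Review bot: the `ssl.get_default_verify_paths()._replace(cafile=YOUR_CA_FILE)` example keeps the `capath` value that `get_default_verify_paths()` picked up from the system (a namedtuple `_replace` only overrides the named field), so a reader who follows it to trust only a private CA still ends up with the distribution's CA directory alongside it; either show `_replace(cafile=YOUR_CA_FILE, capath=None)` for that case or state plainly that both locations are combined. Two smaller points in the same hunk: the second snippet is marked `.. code-block:: python3` while the one above uses `python`, and the closing sentence about the mTLS example would be more useful with a link to that file in the repository.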

@ -645,7 +645,7 @@ class Channel:
``ProtoStatusDetailsCodec`` is used by default
:param ssl: ``True`` or :py:class:`~python:ssl.SSLContext` object or
:py:class:`~python:ssl.DefaultVerifyPaths` object; if ``True``,
:py:class:`python:ssl.DefaultVerifyPaths` object; if ``True``,
default SSL context is used.
"""
if path is not None and (host is not None or port is not None):
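Review bot: dropping the `~` from the `DefaultVerifyPaths` cross-reference makes Sphinx render the full `ssl.DefaultVerifyPaths` name while the `SSLContext` reference on the line above still renders as the short name, so the two alternatives in the same `:param ssl:` entry now read inconsistently; keep one form for both. Since this is the only place the parameter is documented, it would also help to say which fields of the tuple the channel reads (presumably `cafile` and `capath`) and what happens when both are `None`, as `get_default_verify_paths()` returns when no system bundle is found.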