Refactored SSL Handling #73
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fuzzbawls
added a commit
that referenced
this pull request
Oct 28, 2025
9ea7664 update dependencies (Fuzzbawls) 6ef7a59 Use certifi package for SSL Certificates (Liquid369) Pull request description: macOS was inconsistently using a mix of (old) system + certifi SSL certificates, leading to RPC endpoint connection attempts resulting in invalid SSL certificate errors. This unifies all https connections to use certifi, which is provided at distribution time to be the latest available version, and disregard any potential stale system certificates. Replaces #73 Top commit has no ACKs. Tree-SHA512: 795c38a463ac40e99038a6dc1ac54795ba45a7ea87167fe5f735b8b4d4d306c0bc15f8a7d3784e20259cb3f84832f7c64d7878f16c546936a0f230c5f86e2805
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Users have been reporting issues with their SSL certificates failing to verify. After research we have found that some packages are handled differently now with 3.10 vs 3.9 python versions. This makes a need for how we were handling things before for users to install an extra python package which is not suitable for them. Which is also why it was not caught in testing as we have these packages installed already in our environments.
We are now importing the certifi package and using that to grab the SSL root certificate paths to pass approrpiately to verify against root certs.
I have changed the way we are handling the HTTP/HTTPS connections for the RPC client because it is also handled in the bitcoin json rpc library we are using causing some confusion with our use of
self.httpConnectionand then AuthServiceProxy having similar check in its init function.Lastly, when testing after this I had some crashing from the response time calculation for trying to add a 'None' type by a float value, and so incase of 'None' we now set it to a default float value of 0.0 to resolve this.