phoenix-oss/llama-stack-mirror
0
0
Fork 1
mirror of https://github.com/meta-llama/llama-stack.git synced 2025-12-12 12:06:04 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: disable TLS verification explicitly

Browse source 
If verify_tls is False we disable the cert verification in the ssl
context.

Signed-off-by: Sébastien Han <seb@redhat.com>
This commit is contained in:
Sébastien Han 2025-10-10 14:46:06 +02:00
parent f379c787ad
commit a1c98ca87b
No known key found for this signature in database
2 changed files with 11 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

13
llama_stack/core/server/auth_providers.py
View file

@ -112,8 +112,17 @@ class OAuth2TokenAuthProvider(AuthProvider):
try:
if self._jwks_client is None:
ssl_context = None
if self.config.tls_cafile:
ssl_context = ssl.create_default_context(cafile=self.config.tls_cafile.as_posix())
if not self.config.verify_tls:
# Disable SSL verification if verify_tls is False
ssl_context = ssl.create_default_context()
ssl_context.check_hostname = False
ssl_context.verify_mode = ssl.CERT_NONE
elif self.config.tls_cafile:
# Use custom CA file if provided
ssl_context = ssl.create_default_context(
cafile=self.config.tls_cafile.as_posix(),
)
# If verify_tls is True and no tls_cafile, ssl_context remains None (use system defaults)
self._jwks_client = jwt.PyJWKClient(
self.config.jwks.uri,