Hello with client cert my old friend. Today I needed to connect a ticket system to you.

I had to tweak it a little though, because I have no idea where to put client certificates for Python’s requests lib and my current customer requires that. Any HTTPS request without will fail with status code 400: No required SSL certificate was sent. On top it’s a self signed so let’s ignore self signed server certs (I know…).

For this I edited ~/.local/lib/python3.11/site-packages/bugzilla/_backendxmlrpc.py line 43 from this:

        # pylint: disable=raise-missing-from
        try:
            response = self.__bugzillasession.request(
                "POST", url, data=request_body)

to

        # pylint: disable=raise-missing-from
        cert = ()
        verify = True
        
        if url.startswith('https://bugzilla.example.com/'):
            log.debug("Adding client certs for url: %s", url)
            cert=('/path/to/client.crt', '/path/to/client.key')
            verify = False

        try:
            response = self.__bugzillasession.request(
                "POST", url, verify=verify, data=request_body,
                cert=cert)

This time I even added my extra bits in a conditional way so other bugzilla configs should not be affected. There may be better ways to achieve this but I’ve seen no obvious in the docs at https://bugwarrior.readthedocs.io/en/latest/services/bugzilla.html – YMMV.

Leave a Reply