Hello with client cert my old friend. Today I needed to connect a ticket system to you.

I had to tweak it a little though, because I have no idea where to put client certificates for Python’s requests lib and my current customer requires that. Any HTTPS request without will fail with status code 400: No required SSL certificate was sent. On top it’s a self signed so let’s ignore self signed server certs (I know…).

For this I edited ~/.local/lib/python3.11/site-packages/bugzilla/_backendxmlrpc.py line 43 from this:

        # pylint: disable=raise-missing-from
        try:
            response = self.__bugzillasession.request(
                "POST", url, data=request_body)

to

        # pylint: disable=raise-missing-from
        cert = ()
        verify = True
        
        if url.startswith('https://bugzilla.example.com/'):
            log.debug("Adding client certs for url: %s", url)
            cert=('/path/to/client.crt', '/path/to/client.key')
            verify = False

        try:
            response = self.__bugzillasession.request(
                "POST", url, verify=verify, data=request_body,
                cert=cert)

This time I even added my extra bits in a conditional way so other bugzilla configs should not be affected. There may be better ways to achieve this but I’ve seen no obvious in the docs at https://bugwarrior.readthedocs.io/en/latest/services/bugzilla.html – YMMV.

I’ll probably need this again so writing it up: is an awesome little helper syncing tasks to (where I use to track hours spent). It connects to various ticket systems like , or .

Today I had to tweak it a little though, because I have no idea where to put client certificates for Python’s requests lib and my current customer requires that. Any HTTPS request without will fail with status code 400: No required SSL certificate was sent.

For this I edited ~/.local/lib/python3.11/site-packages/bugwarrior/services/gitlab.py line 364 from this:

response = requests.get(url, headers=headers, verify=self.verify_ssl, **kwargs)

to

response = requests.get(url, cert=('/path/to/client.crt', '/path/to/client.key'), headers=headers, verify=self.verify_ssl, **kwargs)

Important: Any request to _some_ GitLab by Bugwarrior will offer the client cert now. That’s fine for me because I’ve currently only one GitLab system to check at the moment. There may be better ways to achieve this but I’ve seen no obvious in the docs at https://bugwarrior.readthedocs.io/en/latest/services/gitlab.html – YMMV.