Add command line flag to bypass SSL check

[darzok0914]

Describe the Bug

When I try to install a docset for cpp I have a SLL certificate error.

Expected Behaviour

Would it be possible to pass some cmd line argument (or a config file?) to either disable the ssl certificate check or pass the path to that certificate?
https://www.geeksforgeeks.org/ssl-certificate-verification-python-requests/

Steps to Reproduce the Bug

 zeal-cli install cpp

Getting list of available docsets
Traceback (most recent call last):
  File "urllib3/connectionpool.py", line 703, in urlopen
  File "urllib3/connectionpool.py", line 386, in _make_request
  File "urllib3/connectionpool.py", line 1040, in _validate_conn
  File "urllib3/connection.py", line 414, in connect
  File "urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
  File "urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
  File "ssl.py", line 513, in wrap_socket
  File "ssl.py", line 1071, in _create
  File "ssl.py", line 1342, in do_handshake
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:997)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "requests/adapters.py", line 440, in send
  File "urllib3/connectionpool.py", line 785, in urlopen
  File "urllib3/util/retry.py", line 592, in increment
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='codeload.github.com', port=443): Max retries exceeded with url: /Kapeli/feeds/zip/refs/heads/master (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:997)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "zeal_cli.py", line 131, in <module>
  File "zeal_cli.py", line 75, in main
  File "zeal/downloads.py", line 50, in get_feeds
  File "zeal/downloads.py", line 28, in download_and_extract
  File "requests/api.py", line 75, in get
  File "requests/api.py", line 61, in request
  File "requests/sessions.py", line 529, in request
  File "requests/sessions.py", line 667, in send
  File "requests/sessions.py", line 667, in <listcomp>
  File "requests/sessions.py", line 237, in resolve_redirects
  File "requests/sessions.py", line 645, in send
  File "requests/adapters.py", line 517, in send
requests.exceptions.SSLError: HTTPSConnectionPool(host='codeload.github.com', port=443): Max retries exceeded with url: /Kapeli/feeds/zip/refs/heads/master (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:997)')))
[18458] Failed to execute script 'zeal_cli' due to unhandled exception!   

Version

1.2.0

OS

• MacOS
• Windows
• Linux

Additional Context

I am using ubuntu 20.04 on arm64 (docker dev env on mac m1 chip)

[Morpheus636]

To be clear, you're running this inside an Ubuntu Docker container within MacOS?

[darzok0914]

yes, so to give you the full picture, I'm using my work laptop which is a mac m1 chip, I use docker as a dev environment (basically as a drop in replacement of a Linux VM, as I use vim as a code editor I don't need a GUI)
my entire dev environment is set up with ansible (hence why the makefile which deletes a folder was not working for me)
as I'm using a work computer I have ssl certificates to set up, and I think it's set up correctly on my docker as usually I don't have any issue with that.

[darzok0914]

and I'm trying to use your little tool in combination with this other open source project:
https://gitlab.com/ivan-cukic/zeal-lynx-cli

[Morpheus636]

(hence why the makefile which deletes a folder was not working for me)

You still haven't posted the error for that. All of those deletions are with -f which should mean it ignores directories that don't exist. Please open a separate issue with this report.

The way you're using this isn't really intended or supported, although I'd be happy to try to get it working. This is a docker/macos issue, not a zeal-cli issue. That said, I'm going to recategorize this issue as a feature request and consider adding a way to bypass the SSL check.

[Morpheus636]

Most likely this will happen after the release of major version 2.0.0 in a minor version.

[darzok0914]

thanks so much for the consideration. I'm not sure this is a macos / docker issue. I think it's more of a SSL certificate handling issue? are you using SLL certificates as well on your machine? I suspect a lot of company computers are behind some sort of proxy or firewall that require handling of such certificates.

[Morpheus636]

I was looking at the error wrong (I've dealt with similar errors before on MacOS and I assumed thats what it was). It's an issue with your corporate network using a self-signed SSL certificate somewhere inline (my guess is that your corporate proxy uses one). It's still an issue with your setup, just in a different place then I thought.

Zeal-CLI always uses SSL, including verifying certificates.

[alkuzad]

@darzok0914 this is supported but you are not including self-signed certificates into Docker container. The proper way of handling this is to copy them from system and use "REQUESTS_CA_BUNDLE" env variable to point to it.

By default, requests use Mozilla list of trusted CA (widely used in open source) - https://pypi.org/project/certifi/, which for sure won't have local one. This is why you have to use variable to pass path to your local CA bundle that has all certificates that are known, and among these, there should be self-signed from corporation.