#The requests module and SSL/TLS

I am trying to connect to a local (on same LAN) JSON REST API. The API only has a self-signed cert at the moment.

Is there a way to ignore cert trust errors when making a request using the requests module?

what board are you using?

here's an example using native wifi (e.g., Espressif boards like ESP32-S2 https://gist.github.com/anecdata/85b761d23c14e03f4bc51525c8e7b8f2 you can include the cert or read it from a .pem file

I am using the PyPortal. As far as I can tell the PyPortal doesn't support socketpool. Is there a way to provide the pem file without the socket pool?

It's been a long time, not sure if I ever tested with ESP32SPI / Airlift. But maybe this works: https://docs.circuitpython.org/projects/esp32spi/en/latest/api.html#adafruit_esp32spi.adafruit_esp32spi.ESP_SPIcontrol.set_certificate

The docs indicate that method is for setting a client cert. Is the idea that, that method pulls double duty and allows the use of self-signed certs on web servers the device accesses?

That was tested to use when requesting from servers with a cert that was not working with the old cert store in the NINA firmware, and you get around it (if the cert was <1300 bytes -- bug) by getting the cert from the server and feeding it to that function. "Client" may be odd there, but the client is supplying the (self-signed? -- TBD) certificate that the server expects.

I'm sorry I am a little dense. You are saying that if I get the server's certificate and pass it to set_certificate the client (the PyPortal in my case) will then trust the server's certificate?

I hoping that's the case. That process works for other certs that just aren't in the local cert store. I don't recall if self-signed has been tested on ESP32SPI.

Well I will give it a shot, and report back here.

I've been trying it too, but haven't got it to work. Just went to look at the original PR https://github.com/adafruit/nina-fw/pull/11, not sure if it applies in this case or not.