@khushboovashi khushboovashi commented Dec 17, 2025

Summary by CodeRabbit

  • Chores
    • Updated certificate handling during upgrade checks to ensure proper SSL certificate validation across Python versions.


coderabbitai bot commented Dec 17, 2025

Walkthrough

Added certifi as a dependency and updated the upgrade_check function to use certifi for SSL certificate verification. The function now creates SSL context with the CA file when available, or falls back to certifi.where() for certificate bundle location when the CA file is missing.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependency Management: requirements.txt | Added certifi==2025.11.12 as a new dependency for SSL certificate verification |
| SSL Certificate Handling: web/pgadmin/misc/__init__.py | Modified upgrade_check function to import certifi and implement conditional SSL context creation: uses CA_FILE when available; falls back to certifi.where() for Python 3.13+ or as cafile parameter for earlier versions when CA_FILE is missing |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Dependency addition is straightforward
  • SSL context logic follows a clear if-else pattern with fallback behavior
  • No complex interdependencies or control flow changes

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title directly and clearly describes the main change: fixing an SSL certificate issue during upgrade checks, which aligns with the modifications to certifi handling and SSL context creation in the code changes. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 0

🧹 Nitpick comments (1)
web/pgadmin/misc/__init__.py (1)

385-390: Use consistent parameter passing for maintainability.

Line 390 uses positional arguments for data and timeout, while line 387 uses keyword arguments. For consistency and readability, consider using keyword arguments throughout.

Apply this diff to improve consistency:

-                response = urlopen(url, data, 5, cafile=certifi.where())
+                response = urlopen(url, data=data, timeout=5, cafile=certifi.where())
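Review bot: On the added line, `cafile=` is a urlopen keyword that has been deprecated since Python 3.6 and was removed in Python 3.13, so switching `data` and `timeout` to keywords tidies a call that only works on older interpreters. Consider building the context once with `ssl.create_default_context(cafile=certifi.where())` and passing `context=` to urlopen on every version, which would remove the need for a version-specific branch. Nothing visible in this hunk restricts the scheme of `url` before it reaches urlopen; a check that it is https would cover that.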
📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4443494 and 8af9160.

📒 Files selected for processing (2)
  • requirements.txt (1 hunks)
  • web/pgadmin/misc/__init__.py (2 hunks)
🧰 Additional context used
🪛 Ruff (0.14.8)
web/pgadmin/misc/__init__.py

383-384: Audit URL open for permitted schemes. Allowing use of file: or custom schemes is often unexpected.

(S310)


387-388: Audit URL open for permitted schemes. Allowing use of file: or custom schemes is often unexpected.

(S310)


390-390: Audit URL open for permitted schemes. Allowing use of file: or custom schemes is often unexpected.

(S310)

⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)
  • GitHub Check: run-feature-tests-pg (15)
  • GitHub Check: run-feature-tests-pg (17)
  • GitHub Check: run-feature-tests-pg (14)
  • GitHub Check: run-feature-tests-pg (16)
  • GitHub Check: run-feature-tests-pg (18)
🔇 Additional comments (3)
web/pgadmin/misc/__init__.py (2)

12-12: LGTM!

The certifi import is correctly placed and supports the SSL certificate handling enhancements in the upgrade_check function.


375-384: LGTM!

The SSL context handling for Python 3.13+ correctly uses ssl.create_default_context() with the appropriate CA file, falling back to certifi when the configured CA file is unavailable.

requirements.txt (1)

22-22: Verify certifi package is free from security vulnerabilities.

Version 2025.11.12 exists on PyPI. Manually verify this version against the PyPA Advisory Database (https://github.com/pypa/advisory-database) and CVE databases (NVD) to ensure it is free from known vulnerabilities.
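
A sketch of the CA-bundle fallback the walkthrough describes, written as a single `context=` code path for all Python versions with the scheme check Ruff S310 asks for; this is an added example, not the PR's or pgAdmin's code. The function names, the `ca_file` argument (standing in for the configured CA file) and the https-only rule are assumptions.

```python
import os
import ssl
from urllib.parse import urlsplit
from urllib.request import urlopen

try:
    import certifi  # the CA bundle package this PR adds as a dependency
    FALLBACK_BUNDLE = certifi.where()
except ImportError:
    # Keeps the sketch runnable without certifi: None makes ssl load
    # the system trust store instead.
    FALLBACK_BUNDLE = None


def build_context(ca_file):
    """Return (verifying SSLContext, bundle path actually used).

    Uses ca_file when it exists on disk, otherwise the fallback bundle.
    """
    bundle = ca_file if ca_file and os.path.isfile(ca_file) else FALLBACK_BUNDLE
    # create_default_context() enables CERT_REQUIRED and hostname checking;
    # the fallback only changes which roots are trusted, never whether
    # verification happens.
    return ssl.create_default_context(cafile=bundle), bundle


def check_url(url):
    """Allow only https URLs with a host (hypothetical policy for S310)."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("upgrade check URL must be https: %r" % url)
    return url


def open_upgrade_url(url, data=None, ca_file=None, timeout=5):
    """Fetch the upgrade-check URL with certificate verification enforced."""
    ctx, _ = build_context(ca_file)
    # context= is accepted by urlopen on every supported Python version,
    # unlike cafile=, which was removed in 3.13.
    return urlopen(check_url(url), data=data, timeout=timeout, context=ctx)
```
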
