SSL verification is not turned off despite setting skip_ssl = True

[mehmetgiritli]

Instantiating OptimadeClient with the skip_ssl flag like so:

from optimade.client import OptimadeClient

client = OptimadeClient(skip_ssl= True, ...)

Does not really have any effect on disabling SSL verification. I was able to sort myself out for the time being by hacking away here:

optimade-python-tools/optimade/client/client.py

Line 950 in 86f7fa8

async with self._http_client(headers=self.headers) as client: # type: ignore[union-attr,call-arg,misc]

into this:

async with self._http_client(headers=self.headers, verify = not self.skip_ssl) as client:  # type: ignore[union-attr,call-arg,misc]

Not sure of the ramifications tough.

[ml-evs]

Thanks @mehmetgiritli, this is probably just a poorly named option, the SSL skip is only meant to apply to downloading of the providers list (which had an expired cert at some point). I don't think I want to add SSL skipping generally. Do you have a use case for it?

[mehmetgiritli]

We are developing an Optimade APi with this library, but we also want to consume it using the client. Since the API is in various development environments and these tend to have self-signed certs, we need to have the client tolerate self-signed certs, while under development.

Hope that makes sense.

Thank you @ml-evs

[ml-evs]

Ah I see, in that case I'd be happy to add a way to run the client with SSL turned off on a given URL, rather than allowing SSL-less requests to all of OPTIMADE. Would you be interested in preparing a PR containing the changes above? Otherwise I can take a look at this when I get a moment.

[mehmetgiritli]

OK, that makes sense. I'll do a PR when I get around to it. Thank you :-)