[FEATURE] Add an option to turn on and off the certificate validation of llm connectors #4394
Conversation
… in ML Commons Resolves opensearch-project#4371 Signed-off-by: Abdul Muneer Kolarkunnu <[email protected]>
akolarkunnu
requested review from
HenryL27,
Zhangxunmt,
austintlee,
b4sjoo,
dhrubo-os,
jngz-es,
mingshl,
model-collapse,
pyek-bot,
rbhavna,
sam-herman,
xinyual,
ylwu-amzn and
zane-neo
as code owners
|
Thanks for publishing this PR. |
Another option: control enable/disable SSL on connector level |
@ylwu-amzn How can we do that? I didn't see any documentation around this? |
rithin-pullela-aws
left a comment
rithin-pullela-aws
left a comment
There was a problem hiding this comment.
Thanks for the changes @akolarkunnu !!
Just one high level concern, we call the flag: connector.ssl_verification_enabled
So it should be applicable to all the connectors.
Can we update the MCP and MCPStreamableHTTP connectors with the same logic for SSL validation? We are using java http client behind the scenes:
// Create streamable HTTP transport
McpClientTransport transport = HttpClientStreamableHttpTransport
.builder(mcpServerUrl)
.endpoint(endpoint)
.customizeClient(clientBuilder -> {
clientBuilder.connectTimeout(connectionTimeout);
clientBuilder.followRedirects(HttpClient.Redirect.NORMAL);
})
.customizeRequest(headerConfig)
.build();
3 participants
Description
Introduced a new setting parameter "plugins.ml_commons.connector.ssl_verification_enabled" to enable/disable ssl verification of llm connectors.
Tested with and without setting this parameter and I am able to connect a lll server by disabling ssl verification.
Added unit tests too.
Related Issues
Resolves #4371
Check List
--signoff.By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.