fix(tradein): verify=False for EKB geoportal WFS (Russian-CA cert)
All checks were successful
CI / changes (pull_request) Successful in 5s
CI / backend-tests (pull_request) Has been skipped
CI / frontend-tests (pull_request) Has been skipped
CI / openapi-codegen-check (pull_request) Has been skipped

The geoportal serves a Russian national-CA (Минцифры) TLS cert absent from
httpx's default trust store → CERTIFICATE_VERIFY_FAILED, loader fetched 0.
Public read-only data → verify=False (same as the curl -k used in recon).
This commit is contained in:
bot-backend 2026-06-19 18:19:03 +03:00
parent 7494255180
commit 112e5cc2f1

View file

@ -220,7 +220,12 @@ class EkbGeoportalClient:
}
url = f"{GEOPORTAL_HOST}{WFS_PATH}"
try:
async with httpx.AsyncClient(timeout=self._timeout, headers=_BROWSER_HEADERS) as client:
# Геопортал ЕКБ отдаёт сертификат российского CA (Минцифры), которого нет в
# стандартном trust store httpx → TLS verify падает. Данные публичные,
# read-only → verify=False (тот же подход, что curl -k при разведке).
async with httpx.AsyncClient(
timeout=self._timeout, headers=_BROWSER_HEADERS, verify=False
) as client:
resp = await client.get(url, params=params)
if resp.status_code != 200:
logger.warning("geoportal WFS → HTTP %d for bbox=%s", resp.status_code, bbox)