fix(cadastre): NSPDBulkClient verify=False for NSPD SSL chain (#168 hotfix)

Pilot run #1 failed on all 50 quarters with:
  NspdBulkError: [SSL: CERTIFICATE_VERIFY_FAILED] self-signed certificate
  in certificate chain

NSPD prod chain on Beget VPS contains an internal/self-signed CA →
httpx default verify=True trips. Reuse pattern from legacy
app.services.scrapers.nspd_lite (uses ssl._create_unverified_context()
for same reason since April 2026).

Risk profile: NSPD public gov data, no sensitive payload outbound,
admin token не уходит к NSPD endpoints. MITM risk minimal.
This commit is contained in:
lekss361 2026-05-15 14:47:28 +03:00
parent 37e4f854c5
commit 5785fc3ad7

View file

@ -114,10 +114,16 @@ class NSPDBulkClient:
self._client: httpx.AsyncClient | None = None
async def __aenter__(self) -> NSPDBulkClient:
# NSPD prod chain contains a self-signed/internal CA on Beget VPS →
# default verify trips CERTIFICATE_VERIFY_FAILED. Existing legacy
# client (app.services.scrapers.nspd_lite) uses unverified context
# for the same reason — reuse pattern. Risk OK: public gov data,
# no sensitive payload, X-Admin-Token не уходит к NSPD.
self._client = httpx.AsyncClient(
headers=self._headers,
timeout=self._timeout,
follow_redirects=True,
verify=False,
)
return self