
# SSL Certificate Bundle Configuration for TradingAgents
## Overview
This implementation provides flexible SSL/TLS certificate configuration for TradingAgents while maintaining backward compatibility. The system only applies custom SSL settings when explicitly configured via environment variables.
## Key Features
### 1. Environment Variable Based Configuration
- `REQUESTS_CA_BUNDLE` or `CURL_CA_BUNDLE`: Path to custom certificate bundle
- `SSL_VERIFY`: Enable/disable SSL verification (true/false)
- `HTTP_TIMEOUT`: Custom timeout for HTTP requests (seconds)
- `HTTP_PROXY`: HTTP proxy server
- `HTTPS_PROXY`: HTTPS proxy server
### 2. Default Behavior Preservation
- **If no environment variables are set**: Uses system default SSL behavior
- **Only applies custom settings when explicitly configured**
- **Empty or undefined variables are ignored**
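The rules above, as an added sketch (this is not the project's `ssl_utils.py`): it builds `requests` keyword arguments only from variables that are actually set. The function names `resolve_verify` and `build_request_kwargs` are hypothetical, and three behaviours are assumptions the page does not state: `SSL_VERIFY=false` takes precedence over a bundle path, an unrecognised `SSL_VERIFY` value raises, and a bundle path that does not exist raises instead of falling back.

```python
import math
import os
import warnings

def resolve_verify(env):
    """Value for requests' `verify=`; None means "leave the library default"."""
    flag = (env.get("SSL_VERIFY") or "").strip().lower()
    if flag not in ("", "true", "false"):
        # Fail closed: a typo such as "flase" must not change TLS behaviour.
        raise ValueError(f"SSL_VERIFY must be true or false, got {flag!r}")
    if flag == "false":
        warnings.warn("SSL_VERIFY=false: certificate verification is disabled")
        return False
    for name in ("REQUESTS_CA_BUNDLE", "CURL_CA_BUNDLE"):
        path = (env.get(name) or "").strip()
        if path:
            if not os.path.isfile(path):
                # A bad path should stop startup, not be skipped silently.
                raise FileNotFoundError(f"{name} points to a missing file: {path}")
            return path
    return True if flag == "true" else None

def build_request_kwargs(env=None):
    """Keyword arguments for requests.get()/post(), built only from set variables."""
    env = os.environ if env is None else env
    kwargs = {}
    verify = resolve_verify(env)
    if verify is not None:
        kwargs["verify"] = verify
    timeout = (env.get("HTTP_TIMEOUT") or "").strip()
    if timeout:
        seconds = float(timeout)  # ValueError on non-numeric input
        if not (math.isfinite(seconds) and seconds > 0):
            raise ValueError("HTTP_TIMEOUT must be a positive number of seconds")
        kwargs["timeout"] = seconds
    proxies = {}
    for scheme, name in (("http", "HTTP_PROXY"), ("https", "HTTPS_PROXY")):
        value = (env.get(name) or "").strip()
        if value:
            proxies[scheme] = value
    if proxies:
        kwargs["proxies"] = proxies
    return kwargs

if __name__ == "__main__":
    # Constructed sample environment, not read from a real deployment.
    sample = {"SSL_VERIFY": "true", "HTTP_TIMEOUT": "30", "REQUESTS_CA_BUNDLE": ""}
    print(build_request_kwargs(sample))
```

An empty result means the caller passes nothing extra, so the HTTP library keeps its own defaults.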
### 3. Comprehensive Coverage
- **LangChain LLM clients**: Custom SSL configuration for OpenAI, OpenRouter, etc.
- **HTTP requests**: Custom configuration for Google News, Reddit APIs
- **Global SSL setup**: Sets environment variables for libraries that respect them
## Usage Examples
### Basic Usage (No Custom SSL)
```bash
# No SSL environment variables set
# Uses system default SSL behavior
python webapp/main.py
```
### Custom Certificate Bundle
```bash
# Use custom corporate certificate bundle
export REQUESTS_CA_BUNDLE=/path/to/corporate-ca-bundle.crt
python webapp/main.py
```
### Development/Testing (Disable SSL Verification)
```bash
# Disable SSL verification (NOT recommended for production)
export SSL_VERIFY=false
python webapp/main.py
```
### Behind Corporate Proxy
```bash
# Configure proxy settings
export HTTP_PROXY=http://proxy.company.com:8080
export HTTPS_PROXY=https://proxy.company.com:8080
export REQUESTS_CA_BUNDLE=/etc/ssl/corporate-ca-bundle.crt
python webapp/main.py
```
## Files Modified
### Core Configuration
- `tradingagents/default_config.py`: Added SSL configuration parameters
- `tradingagents/dataflows/ssl_utils.py`: SSL utility functions (NEW)
### Integration Points
- `tradingagents/graph/trading_graph.py`: LLM client SSL configuration
- `tradingagents/dataflows/googlenews_utils.py`: HTTP requests SSL configuration
- `tradingagents/dataflows/interface.py`: Integration with SSL configuration
### Documentation and Tools
- `.env.example`: Updated with SSL configuration examples
- `diagnose_ssl.py`: SSL diagnostic tool (NEW)
- `test_ssl_config.py`: SSL configuration test suite (NEW)
## Testing
Run the diagnostic tool to check your SSL configuration:
```bash
python diagnose_ssl.py
```
Run the test suite to verify SSL configuration behavior:
```bash
python test_ssl_config.py
```
## Troubleshooting
### Common SSL Errors and Solutions
1. **Certificate verification failed**
   - Set `REQUESTS_CA_BUNDLE` to correct certificate bundle path
   - Check if your organization uses custom CA certificates
2. **SSL: WRONG_VERSION_NUMBER**
   - Usually indicates proxy configuration issues
   - Set appropriate `HTTP_PROXY` and `HTTPS_PROXY` variables
3. **Connection timeout**
   - Increase `HTTP_TIMEOUT` value
   - Check network connectivity and proxy settings
4. **Name or service not known**
   - Check DNS settings
   - Verify proxy configuration
### Getting Help
1. Run `python diagnose_ssl.py` for comprehensive SSL diagnostics
2. Check your organization's IT documentation for certificate bundles
3. Contact your IT department for corporate proxy and certificate information
## Security Considerations
- **Never disable SSL verification in production**
- **Use custom certificate bundles for corporate environments**
- **Keep certificate bundles updated**
- **Secure proxy credentials if using authenticated proxies**