mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-16 06:03:26 -05:00
[PR #20147] [CLOSED] fix: Use AIOHTTP_CLIENT_SESSION_SSL for connection to external tools (tika, ollama embeddings, external reranker) #112794
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/open-webui/open-webui/pull/20147
Author: @orKL3mlz
Created: 12/23/2025
Status: ❌ Closed
Base:
dev← Head:dev📝 Commits (1)
84f2b12Use AIOHTTP_CLIENT_SESSION_SSL for connection to external tools📊 Changes
3 files changed (+12 additions, -5 deletions)
View changed files
📝
backend/open_webui/retrieval/loaders/main.py(+5 -3)📝
backend/open_webui/retrieval/models/external.py(+5 -1)📝
backend/open_webui/retrieval/utils.py(+2 -1)📄 Description
Pull Request Checklist
Note to first-time contributors: Please open a discussion post in Discussions to discuss your idea/fix with the community before creating a pull request, and describe your changes before submitting a pull request.
This is to ensure large feature PRs are discussed with the community first, before starting work on it. If the community does not want this feature or it is not relevant for Open WebUI as a project, it can be identified in the discussion before working on the feature and submitting the PR.
Before submitting, make sure you've checked the following:
devbranch. Not targeting thedevbranch will lead to immediate closure of the PR.Changelog Entry
Description
AIOHTTP_CLIENT_SESSION_SSLtoFalsesome requests made to external APIs are still blocked because of the SSL certificate verification failing when it's self-signed, for example.AIOHTTP_CLIENT_SESSION_SSLenvironment variable to fix the behavior of some requests made to these external APIs.Fixed
TikaLoaderinsidebackend/open_webui/retrieval/loaders/main.pyby addingverify=AIOHTTP_CLIENT_SESSION_SSLtorequest.put(line 117)ExternalRerankerinsidebackend/open_webui/retrieval/models/external.pyby addingverify=AIOHTTP_CLIENT_SESSION_SSLtorequests.post(line 53)agenerate_ollama_batch_embeddingsinsidebackend/open_webui/retrieval/utils.pyby addingssl=AIOHTTP_CLIENT_SESSION_SSLtosession.post(line 765)Security
AIOHTTP_CLIENT_SESSION_SSLis set toFalse. So if this was an expected behavior, requests will go through instead of failing because the certificate is not checked anymore.Additional Information
Screenshots or Videos
Without the code change, when importing a document
Tika SSL self-signed certificate error
If switching to a Tika HTTP endpoint instead of HTTPS, if a self-signed certificate is used to communicate with ollama embedding, it fails with this error in the backend
and in the frontend
With the code change, when importing a document
Everything goes smoothly and the document is processed correctly. (Can provide a screenshot if needed).
Sorry for double post, did not selected the correct branch.
Contributor License Agreement
By submitting this pull request, I confirm that I have read and fully agree to the Contributor License Agreement (CLA), and I am providing my contributions under its terms.
🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.