From 006aaed46aa162307491ac43aa5419cbe7123a2d Mon Sep 17 00:00:00 2001 From: Jiho Son Date: Wed, 4 Feb 2026 03:10:32 +0900 Subject: [PATCH] Fix SSL hostname mismatch for KIS VTS paper trading endpoint The KIS virtual trading server (openapivts.koreainvestment.com) serves a certificate with a hostname mismatch. Disable SSL hostname verification only for the VTS endpoint via a custom TCPConnector; production endpoints remain fully verified. Closes #1 Co-Authored-By: Claude Opus 4.5 --- src/broker/kis_api.py | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/broker/kis_api.py b/src/broker/kis_api.py index 104df5f..0983a29 100644 --- a/src/broker/kis_api.py +++ b/src/broker/kis_api.py @@ -9,6 +9,7 @@ import asyncio import hashlib import json import logging +import ssl import time from typing import Any @@ -16,6 +17,9 @@ import aiohttp from src.config import Settings +# KIS virtual trading server has a known SSL certificate hostname mismatch. +_KIS_VTS_HOST = "openapivts.koreainvestment.com" + logger = logging.getLogger(__name__) @@ -59,7 +63,15 @@ class KISBroker: def _get_session(self) -> aiohttp.ClientSession: if self._session is None or self._session.closed: timeout = aiohttp.ClientTimeout(total=10) - self._session = aiohttp.ClientSession(timeout=timeout) + connector: aiohttp.BaseConnector | None = None + if _KIS_VTS_HOST in self._base_url: + ssl_ctx = ssl.create_default_context() + ssl_ctx.check_hostname = False + ssl_ctx.verify_mode = ssl.CERT_NONE + connector = aiohttp.TCPConnector(ssl=ssl_ctx) + self._session = aiohttp.ClientSession( + timeout=timeout, connector=connector, + ) return self._session async def close(self) -> None: