This repository has been archived by the owner on Jul 13, 2023. It is now read-only.

TLS cannot be configured per target in poll-server #5

Open
bauerjs1 opened this issue Jan 28, 2022 · 0 comments · May be fixed by #17

Comments

@bauerjs1

Hi everyone!

The poll-server has two targets it sends requests to - one is the queue-server and the other target is Opal. Unfortunately, HTTPS can only be globally enabled or disabled via the -s flag. This means you either reach out to the queue-server over plain HTTP, or a fully functional HTTPS connection to Opal is enforced.

In our case, the poll and Opal servers are sitting next to each other in a Kubernetes environment, where you usually would enable native mTLS via a service mesh instead of doing manual and application-specific certificate generation/validation/renewal and everything that comes with it.

As far as I can see, the -s flag only determines if the poll-server should either prepend http:// or https:// to the target <host>:<port> configuration strings. I would therefore suggest dropping the -s flag and instead expecting full URL strings as parameters, so that

`ds_poll.py -q ds-queue.example.org:443 -o opal:8080` (which will not work)

would become

`ds_poll.py -q https://ds-queue.example.org -o http://opal:8080`.

This way I could easily decide which scheme should be used for which target (and it improves readability imho 🙂).

Cheers,
Hannes
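
One way the per-target URL parameters proposed in this issue could be validated, as an added example that is not code from the issue or from the project. The `-q` and `-o` flags come from the issue; `parse_target`, `build_parser`, `uses_tls` and the `dest` names are hypothetical. A bare `host:port` value is rejected rather than given a guessed scheme, so a target can never fall back to plain HTTP silently.

```python
import argparse
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def parse_target(value: str) -> str:
    """Validate one target URL and return it without a trailing slash."""
    parts = urlsplit(value)
    # A bare "host:port" such as "opal:8080" has no "//" authority part, so
    # urlsplit reports either no scheme or the host name as the scheme.
    # Both cases fail here instead of being silently guessed.
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        raise argparse.ArgumentTypeError(
            f"{value!r}: expected a full URL starting with http:// or https://"
        )
    try:
        parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError as exc:
        raise argparse.ArgumentTypeError(f"{value!r}: {exc}") from None
    return f"{parts.scheme}://{parts.netloc}{parts.path.rstrip('/')}"


def build_parser() -> argparse.ArgumentParser:
    """Hypothetical CLI: each target carries its own scheme, no global -s."""
    parser = argparse.ArgumentParser(prog="ds_poll.py")
    parser.add_argument("-q", dest="queue_url", type=parse_target, required=True,
                        help="queue-server URL, e.g. https://ds-queue.example.org")
    parser.add_argument("-o", dest="opal_url", type=parse_target, required=True,
                        help="Opal URL, e.g. http://opal:8080")
    return parser


def uses_tls(url: str) -> bool:
    """True when the application itself must speak TLS to this target."""
    return urlsplit(url).scheme == "https"


if __name__ == "__main__":
    # Constructed argv matching the invocation suggested in the issue.
    args = build_parser().parse_args(
        ["-q", "https://ds-queue.example.org", "-o", "http://opal:8080"]
    )
    for name, url in (("queue-server", args.queue_url), ("Opal", args.opal_url)):
        print(f"{name}: {url} (application-level TLS: {uses_tls(url)})")
```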
