diff --git a/src/py/flwr/client/app.py b/src/py/flwr/client/app.py index 9711c716f519..81bbee148c95 100644 --- a/src/py/flwr/client/app.py +++ b/src/py/flwr/client/app.py @@ -53,6 +53,13 @@ def run_client() -> None: # Obtain certificates if args.insecure: + if args.root_certificates is not None: + sys.exit( + "Conflicting options: The '--insecure' flag disables HTTPS, " + "but '--root-certificates' was also specified. Please remove " + "the '--root-certificates' option when running in insecure mode, " + "or omit '--insecure' to use HTTPS." + ) log(WARN, "Option `--insecure` was set. Starting insecure HTTP client.") root_certificates = None else: @@ -94,9 +101,8 @@ def _parse_args_client() -> argparse.ArgumentParser: parser.add_argument( "--insecure", action="store_true", - help="Run the client without HTTPS, regardless of whether certificate " - "paths are provided. By default, the client runs with HTTPS enabled. " - "Use this flag only if you understand the risks.", + help="Run the client without HTTPS. By default, the client runs with " + "HTTPS enabled. Use this flag only if you understand the risks.", ) parser.add_argument( "--root-certificates", diff --git a/src/py/flwr/common/grpc.py b/src/py/flwr/common/grpc.py index 5b8737e8c260..9d0543ea8c75 100644 --- a/src/py/flwr/common/grpc.py +++ b/src/py/flwr/common/grpc.py @@ -32,6 +32,14 @@ def create_channel( max_message_length: int = GRPC_MAX_MESSAGE_LENGTH, ) -> grpc.Channel: """Create a gRPC channel, either secure or insecure.""" + # Check for conflicting parameters + if insecure and root_certificates is not None: + raise ValueError( + "Invalid configuration: 'root_certificates' should not be provided " + "when 'insecure' is set to True. For an insecure connection, omit " + "'root_certificates', or set 'insecure' to False for a secure connection." + ) + # Possible options: # https://github.com/grpc/grpc/blob/v1.43.x/include/grpc/impl/codegen/grpc_types.h channel_options = [