From e32c65fc1ed005d2e893cfb252dbf96c9eae61f1 Mon Sep 17 00:00:00 2001
From: David <72822263+davidkonigsberg@users.noreply.github.com>
Date: Thu, 30 Sep 2021 15:13:18 -0400
Subject: [PATCH] fix cert
---
 btrdb/conn.py | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/btrdb/conn.py b/btrdb/conn.py
index 55058a4..a07c162 100644
--- a/btrdb/conn.py
+++ b/btrdb/conn.py
@@ -65,12 +65,20 @@ def __init__(self, addrportstr, apikey=None):
 # grpc bundles its own CA certs which will work for all normal SSL
 # certificates but will fail for custom CA certs. Allow the user
 # to specify a CA bundle via env var to overcome this
- ca_bundle = os.getenv("BTRDB_CA_BUNDLE","")
- if ca_bundle != "":
+ env_bundle = os.getenv("BTRDB_CA_BUNDLE", "")
+ os_certs = "/etc/ssl/certs/ca-certificates.crt"
+ ca_bundle = env_bundle
+ if ca_bundle == "":
+ ca_bundle = os_certs
+ try:
 with open(ca_bundle, "rb") as f:
 contents = f.read()
- else:
- contents = None
+ except Exception:
+ if env_bundle != "":
+ # The user has given us something but we can't use it, we need to make noise
+ raise Exception("BTRDB_CA_BUNDLE(%s) env is defined but could not read file" % ca_bundle)
+ else:
+ contents = None
 if apikey is None:
 self.channel = grpc.secure_channel(
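Review bot: The `except Exception:` around the `open()`/`read()` is wider than the file errors it is meant to handle, and the re-raise discards the underlying error, so a user with a bad `BTRDB_CA_BUNDLE` cannot tell a missing file from a permission problem. `except OSError as err:` together with `raise Exception("BTRDB_CA_BUNDLE(%s) env is defined but could not read file" % ca_bundle) from err` keeps the fail-closed behaviour and preserves the cause. With the variable unset, the trust roots now come from the hard-coded `/etc/ssl/certs/ca-certificates.crt` when it is readable and otherwise fall back silently to `contents = None` (grpc's bundled roots, per the comment above), so the set of trusted CAs depends on the host and nothing records which one was used. The comment above the block still describes only the env-var override; I would extend it, e.g. `# With BTRDB_CA_BUNDLE unset, try the system bundle at os_certs, then grpc's bundled roots`. `__init__` begins and continues outside this hunk, so how `contents` reaches the channel credentials is not visible here.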