Skip to content

Use certifi to find ca_certs path #214

New issue
New issue
Closed
#222
Closed
Use certifi to find ca_certs path#214
#222
@jamesfisher-geo

Description

@jamesfisher-geo
jamesfisher-geo
opened on Mar 18, 2024

Description

What do you all think about using certifi to find the certificate authority (CA) path if one is not defined with the CURL_CA_BUNDLE env variable? I recently deployed with OpenSearch on a lambda runtime and had some issues locating the path.

Solution

Certifi seems to be more flexible than the current default ("/etc/ssl/certs/ca-certificates.crt"). The change below passes all tests.

 if config["verify_certs"]:
        config["ca_certs"] = os.getenv(
            # "CURL_CA_BUNDLE", "/etc/ssl/certs/ca-certificates.crt"
            "CURL_CA_BUNDLE", certifi.where()
        )

Additional context
I'm relatively new to SSL certificates, so would appreciate some input.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions