util.py: python-api https certificate openssl override as is used in GNU Guix

author Pjotr Prins <pjotr.public01@thebird.nl>

Wed, 20 May 2020 16:12:20 +0000 (11:12 -0500)

committer Peter Amstutz <peter.amstutz@curii.com>

Mon, 8 Jun 2020 18:58:18 +0000 (14:58 -0400)
author Pjotr Prins <pjotr.public01@thebird.nl>
Wed, 20 May 2020 16:12:20 +0000 (11:12 -0500)
committer Peter Amstutz <peter.amstutz@curii.com>
Mon, 8 Jun 2020 18:58:18 +0000 (14:58 -0400)
diff --git a/sdk/python/arvados/util.py b/sdk/python/arvados/util.py

index dcc0417c138484b9d3f589ea19f75dacf4be6122..6c9822e9f0325ec82cf68dc413843a9499755942 100644 (file)
--- a/sdk/python/arvados/util.py
+++ b/sdk/python/arvados/util.py
@@ -396,6 +396,9 @@ def ca_certs_path(fallback=httplib2.CA_CERTS):
      it returns the value of `fallback` (httplib2's CA certs by default).
      """
      for ca_certs_path in [
+        # SSL_CERT_FILE and SSL_CERT_DIR are openssl overrides - note
+        # that httplib2 itself also supports HTTPLIB2_CA_CERTS.
+        os.environ.get('SSL_CERT_FILE'),
          # Arvados specific:
          '/etc/arvados/ca-certificates.crt',
          # Debian:
@@ -403,7 +406,7 @@ def ca_certs_path(fallback=httplib2.CA_CERTS):
          # Red Hat:
          '/etc/pki/tls/certs/ca-bundle.crt',
          ]:
-        if os.path.exists(ca_certs_path):
+        if ca_certs_path and os.path.exists(ca_certs_path):
              return ca_certs_path
      return fallback
author	Pjotr Prins <pjotr.public01@thebird.nl>
	Wed, 20 May 2020 16:12:20 +0000 (11:12 -0500)
committer	Peter Amstutz <peter.amstutz@curii.com>
	Mon, 8 Jun 2020 18:58:18 +0000 (14:58 -0400)