A few tweaks based on review feedback.

refs #4340

diff --git a/sdk/python/arvados/events.py b/sdk/python/arvados/events.py
index f2e5afdff57c578afe38b93c29202b8536d42755..7e8cdc3282113ad7984c9e9d93cdb187a0c77b4f 100644 (file)
--- a/sdk/python/arvados/events.py
+++ b/sdk/python/arvados/events.py
@@ -13,13 +13,15 @@ _logger = logging.getLogger('arvados.events')
 
 class EventClient(WebSocketClient):
     def __init__(self, url, filters, on_event):
-        ssl_options = None
-        if re.match(r'(?i)^(true|1|yes)$',
-                    config.get('ARVADOS_API_HOST_INSECURE', 'no')):
-            ssl_options={'cert_reqs': ssl.CERT_NONE}
+        # Prefer system's CA certificates (if available)
+        ssl_options = {}
+        certs_path = '/etc/ssl/certs/ca-certificates.crt'
+        if os.path.exists(certs_path):
+            ssl_options['ca_certs'] = certs_path
+        if config.flag_is_true('ARVADOS_API_HOST_INSECURE'):
+            ssl_options['cert_reqs'] = ssl.CERT_NONE
         else:
-            # Prefer system's CA certificates (if available)
-            ssl_options={'cert_reqs': ssl.CERT_REQUIRED, 'ca_certs': '/etc/ssl/certs/ca-certificates.crt' }
+            ssl_options['cert_reqs'] = ssl.CERT_REQUIRED
         super(EventClient, self).__init__(url, ssl_options=ssl_options)
         self.filters = filters
         self.on_event = on_event