stac-utils/stac-fastapi-elasticsearch-opensearch

Use certifi to find ca_certs path

jamesfisher-geo opened this issue · 0 comments

jamesfisher-geo commented

Description

What do you all think about using certifi to find the certificate authority (CA) path if one is not defined with the CURL_CA_BUNDLE env variable? I recently deployed with OpenSearch on a lambda runtime and had some issues locating the path.

Solution

Certifi seems to be more flexible than the current default ("/etc/ssl/certs/ca-certificates.crt"). The change below passes all tests.

 if config["verify_certs"]:
        config["ca_certs"] = os.getenv(
            # "CURL_CA_BUNDLE", "/etc/ssl/certs/ca-certificates.crt"
            "CURL_CA_BUNDLE", certifi.where()
        )

Additional context
I'm relatively new to SSL certificates, so would appreciate some input.