Skip to content

Fix REQUESTS_CA_BUNDLE directory support in _setup_ssl_cert#3681

Open
armorbreak001 wants to merge 1 commit intoboto:developfrom
armorbreak001:fix/requests-ca-bundle-directory
Open

Fix REQUESTS_CA_BUNDLE directory support in _setup_ssl_cert#3681
armorbreak001 wants to merge 1 commit intoboto:developfrom
armorbreak001:fix/requests-ca-bundle-directory

Conversation

@armorbreak001
Copy link
Copy Markdown

@armorbreak001 armorbreak001 commented Apr 22, 2026

Summary

When REQUESTS_CA_BUNDLE is set to a directory path (which is valid per the requests documentation), botocore raises an OSError: Is a directory error because _setup_ssl_cert unconditionally assigns the path to conn.ca_certs, which expects a file path.

The fix checks whether the cert path is a directory and uses conn.ca_cert_dir instead, which is the correct urllib3 attribute for CA certificate directories.

Issue

Fixes #2731

Changes

  • In _setup_ssl_cert(), check os.path.isdir(cert_path) before assigning to connection attributes
  • Use ca_cert_dir for directories, ca_certs for files (existing behavior)

Diff: 5 lines added, 1 line removed

@armorbreak001
Fix REQUESTS_CA_BUNDLE directory support in _setup_ssl_cert
0edd98e 
When REQUESTS_CA_BUNDLE is set to a directory path (supported by
requests/urllib3 for CA cert bundles), botocore raised an error because
it unconditionally set the path as ca_certs (file-only). Use ca_cert_dir
when the path is a directory to match urllib3's expected usage.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Setting REQUESTS_CA_BUNDLE to directory causes exception

1 participant

@armorbreak001