From user-return-1099-archive-asf-public=cust-asf.ponee.io@arrow.apache.org Sat Mar 20 17:58:28 2021 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mxout1-ec2-va.apache.org (mxout1-ec2-va.apache.org [3.227.148.255]) by mx-eu-01.ponee.io (Postfix) with ESMTPS id 96DB0180607 for ; Sat, 20 Mar 2021 18:58:28 +0100 (CET) Received: from mail.apache.org (mailroute1-lw-us.apache.org [207.244.88.153]) by mxout1-ec2-va.apache.org (ASF Mail Server at mxout1-ec2-va.apache.org) with SMTP id B862141CBA for ; Sat, 20 Mar 2021 17:58:27 +0000 (UTC) Received: (qmail 35910 invoked by uid 500); 20 Mar 2021 17:58:27 -0000 Mailing-List: contact user-help@arrow.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@arrow.apache.org Delivered-To: mailing list user@arrow.apache.org Received: (qmail 35900 invoked by uid 99); 20 Mar 2021 17:58:27 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 20 Mar 2021 17:58:27 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id 8E75BC02D5 for ; Sat, 20 Mar 2021 17:58:26 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org X-Spam-Flag: NO X-Spam-Score: -0.001 X-Spam-Level: X-Spam-Status: No, score=-0.001 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.2, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamproc1-he-fi.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id jSbOvn_mhFpO for ; Sat, 20 Mar 2021 17:58:25 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.222.174; helo=mail-qk1-f174.google.com; envelope-from=nugend@gmail.com; receiver= Received: from mail-qk1-f174.google.com (mail-qk1-f174.google.com [209.85.222.174]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 6CB4FBD09B for ; Sat, 20 Mar 2021 17:58:25 +0000 (UTC) Received: by mail-qk1-f174.google.com with SMTP id c4so6398304qkg.3 for ; Sat, 20 Mar 2021 10:58:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:message-id:in-reply-to:references:subject:mime-version; bh=chgDJLtt/886hY3jVVzQuzIyo0ZCT4mX7qSYBuXcAiI=; b=GyV6udC6yq3mOEm8gbh3foW8DDs7jc8TeuUSqKeQQckgaGw82OENPV67L4J2Vt80DM HTuQdeGfHen45DB7GSjej2Pnmu1l7AFoHX4lqSfkPTVzfDzdBg0G1eSdRRSppGqTlyMb Jrm/Ts5BJ67EXFlht//zqsCz+DDNtQ2O9aQ3+Pd3lczORJvT0vp90ng3wTK5n65l7ybB cqI96PfllkA0ViBljQcMZXp9hemnFr45cd8Sc7yjZ/MeGMk0vKe9d36UeIpDJuGQKV9q YA3EvmgmlRcvfQBGXYa0N7gSRykHF6Q5msZU673gYfCh3ObGK0wMq5hMHa0BFm2Xp2Hn DMsg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:message-id:in-reply-to:references :subject:mime-version; bh=chgDJLtt/886hY3jVVzQuzIyo0ZCT4mX7qSYBuXcAiI=; b=BTR/vHXAKvJHHArokrsRxt0YJ1K/hfU6RfB4Eq0YPJuseJ1B+4TNv+SC8EA1uCTp09 W59X9zkRHXzoP2tLkScmeqYrDX4+DHNK34BJ7u6mBiXagbJFv1gw7vqSA2M/GgwLzIgA GncY9I2delfoyJr62PzY1o7KFURXAJmHzvnNZHP2XzohPQxiilQszSRMYLniuchRELh1 xgD0bzQqnALKBFt2ezwbWndGt+veL9N+fbli6SMKfkXDN3IBDTfGbdRsNjByWcAIY8H4 ix39ZzblepB1fq3LuEIfwMCMMSJb99QC+jgzmvZ4TLCPOYzgTcrAYeJig+UfM6GScv4+ BLMg== X-Gm-Message-State: AOAM531dZJsnRvUUk/VLzKKdu4Fhi+9YMyMGoM6eaUpV3TOK4dvG6Ccd KWbQPQfFESpry6HcxLPTthkiLztIZj7eaQ== X-Google-Smtp-Source: ABdhPJxynec2yvy+Vvv+xfoTvWzqOEVNmRJ9ZSQ5Ag9GqKpl/dOObnWqOEq8X/TjFogg7BdW68DH6Q== X-Received: by 2002:a37:d2c1:: with SMTP id f184mr3844519qkj.107.1616263099437; Sat, 20 Mar 2021 10:58:19 -0700 (PDT) Received: from [10.0.1.39] (static-71-183-110-91.nycmny.fios.verizon.net. [71.183.110.91]) by smtp.gmail.com with ESMTPSA id l186sm7067149qke.92.2021.03.20.10.58.19 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sat, 20 Mar 2021 10:58:19 -0700 (PDT) Date: Sat, 20 Mar 2021 13:58:05 -0400 From: Daniel Nugent To: user@arrow.apache.org Message-ID: In-Reply-To: <20210320185533.1a3adc9c@fsol> References: <979437a8-b1e0-432c-accb-9e4ddf723b00@Spark> <54e76912-3273-40c3-80f9-5c5beceafb1f@Spark> <20210320185533.1a3adc9c@fsol> Subject: Re: Changing CA configurations under Python X-Readdle-Message-ID: afbf8914-2d12-4f8a-9f06-03fedb9bf871@Spark MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="605637ba_2ae8944a_536" --605637ba_2ae8944a_536 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Right. It=E2=80=99s more or less the same issue though as I need to actua= lly change the CA file in use after the program starts by setting the env= . The correct file to use is listed in a large config file that needs to = be parsed. I=E2=80=99ll file an issue. Thanks, -Dan Nugent On Mar 20, 2021, 13:55 -0400, Antoine Pitrou , wrot= e: > On =46ri, 19 Mar 2021 12:38:14 -0400 > Daniel Nugent wrote: > > At the moment, if you load up the pyarrow.fs module, it initializes t= he ca configurations from the ssl module. > > > > I have a situation where I need to change those at runtime. At the mo= ment, it looks like these can only be set once when the pyarrow.fs module= is loaded. Is it possible to modify these values after the initializatio= n has occurred=3F It=E2=80=99s fine that they are global, I just have to = load a Certificate file at a later point. > > Not currently, but that's a reasonable feature request. > Would you like to open an issue=3F > https://arrow.apache.org/docs/developers/contributing.html=23report-bug= s-and-propose-features > > Note that in the meantime, you may be able to use environment variables= > to point to the right CA file, for example: > > SSL=5FCERT=5F=46ILE=3D/etc/ssl/certs/ca-certificates.crt > > See > https://docs.python.org/3/library/ssl.html=23ssl.get=5Fdefault=5Fverify= =5Fpaths > > Regards > > Antoine. > > --605637ba_2ae8944a_536 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline

Right. It=E2=80=99s more or less the same issue tho= ugh as I need to actually change the CA file in use after the program sta= rts by setting the env. The correct file to use is listed in a large conf= ig file that needs to be parsed.

I=E2=80=99ll file an issue.

Thanks,

-Dan Nugent

On Mar 20, 2021, 13:55 -0400, Antoi= ne Pitrou <antoine=40python.org>, wrote:

On =46ri, 19 Mar 2021 12:38:14 -0400
Daniel Nugent <nugend=40gmail.com> wrote:

At the moment, if you load up the pyarrow.f= s module, it initializes the ca configurations from the ssl module.
=
I have a situation where I need to change those at runtime. At the moment= , it looks like these can only be set once when the pyarrow.fs module is = loaded. Is it possible to modify these values after the initialization ha= s occurred=3F It=E2=80=99s fine that they are global, I just have to load= a Certificate file at a later point.

Not currently, but that's a reasonable feature request.
Would you like to open an issue=3F
https://arrow.apache.org/docs/developers/contributing.html=23report-bugs-= and-propose-features

Note that in the meantime, you may be able to use environment variables to point to the right CA file, for example:

SSL=5FCERT=5F=46ILE=3D/etc/ssl/certs/ca-certificates.crt

See
https://docs.python.org/3/library/ssl.html=23ssl.get=5Fdefault=5Fverify=5F= paths

Regards

Antoine.

--605637ba_2ae8944a_536--