On a related note, version 0.9.0 switched to using the system CAs by default [1], and so if you've added your private CA chain into there it should work.
[1]: https://github.com/apache/arrow-rs/pull/5056 On 25 January 2024 09:17:55 GMT, Raphael Taylor-Davies <r.taylordav...@googlemail.com> wrote: >The ticket for supporting self-signed certificates can be found here [1]. > >If you switch the TLS backend to OpenSSL it may respect the SSL_CERT_FILE >environment variable, but I'm not very familiar with the particulars of that >library. This would require customising the Rust build, however, which may not >be possible if calling from python. > >Kind Regards, > >Raphael > > >[1]: https://github.com/apache/arrow-rs/issues/5034 > >On 25 January 2024 08:44:45 GMT, elveshoern32 ><elveshoer...@zohomail.eu.INVALID> wrote: >>Since my question remained unanswered on the user list, I dare to ask again >>on the dev list: >> >> >>While experimenting with polars [1] (which is based on arrow-rs) I found that >>it's not possible to read a single file from our on-prem S3-compatible >>storage. >> >>Any attempts result in SSL error messages: >> >> >> >>error trying to connect: invalid peer certificate: UnknownIssuer >> >> >> >>Such SSL errors are well-known to us and usually get fixed by setting the >>environment variable SSL_CERT_FILE (or something similar) pointing to our >>company's certstore. >> >>polars seems to ignore that env var. >> >>Now it's unclear to me whether this is an issue of polars or arrow-rs (or >>anything else). >> >> >> >>For more details see [2]. >> >> >> >>[1] https://pola.rs/ >> >>[2] https://github.com/pola-rs/polars/issues/13741
