[I] Could not disable ssl verification. [iceberg-python]

Fri, 30 Jan 2026 10:13:59 -0800 


MenelikV opened a new issue, #2985:
URL: https://github.com/apache/iceberg-python/issues/2985

   ### Apache Iceberg version
   
   None
   
   ### Please describe the bug 🐞
   
   Hello,
   
   I am trying to use pyiceberg with a nessie deployed on a kubernetes cluster. 
Nessie is exposed through an ingress with a auto-signed certificate.
   
   I am trying to connect with the following:
   
   ```python
   catalog = load_catalog("iceberg", **{"uri":"https://myhost/iceberg/";, 
"s3.endpoint":"https://xxx","s3.access-key-id":"XXXXXXX";, 
"s3.secret-access-key":"XXXXX", "ssl": {"cabundle": False}})
   ```
   
   This code raises an Exception 
   
   ```python
   SSLError: HTTPSConnectionPool(host='myhost', port=443): Max retries exceeded 
with url: /iceberg/v1/config (Caused by SSLError(SSLCertVerificationError(1, 
"[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, 
certificate is not valid for 'myhost'. (_ssl.c:1018)")))
   ```
   
   Looking at the code of `RestCatalog`, especially the `_create_session` 
function, it seems that a check is made to see of "cabundle" is neither None, 
nor False 
(https://github.com/apache/iceberg-python/blob/main/pyiceberg/catalog/rest/__init__.py#L361)
   
   To my understanding, this prevents `session.verify` to be set to `False`.
   
   I would change `if ssl_ca_bundle := ssl_config.get(CA_BUNDLE):` by 
`(ssl_ca_bundle := ssl_config.get(CA_BUNDLE)) is not None`
   
   Cheers, 
   
   Ménélik
   
   ### Willingness to contribute
   
   - [x] I can contribute a fix for this bug independently
   - [x] I would be willing to contribute a fix for this bug with guidance from 
the Iceberg community
   - [ ] I cannot contribute a fix for this bug at this time


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to