Could not disable ssl verification.

[MenelikV]

Apache Iceberg version

None

Please describe the bug 🐞

Hello,

I am trying to use pyiceberg with a nessie deployed on a kubernetes cluster. Nessie is exposed through an ingress with a auto-signed certificate.

I am trying to connect with the following:

catalog = load_catalog("iceberg", **{"uri":"https://myhost/iceberg/", "s3.endpoint":"https://xxx","s3.access-key-id":"XXXXXXX", "s3.secret-access-key":"XXXXX", "ssl": {"cabundle": False}})

This code raises an Exception

SSLError: HTTPSConnectionPool(host='myhost', port=443): Max retries exceeded with url: /iceberg/v1/config (Caused by SSLError(SSLCertVerificationError(1, "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'myhost'. (_ssl.c:1018)")))

Looking at the code of RestCatalog, especially the _create_session function, it seems that a check is made to see of "cabundle" is neither None, nor False (https://github.com/apache/iceberg-python/blob/main/pyiceberg/catalog/rest/__init__.py#L361)

To my understanding, this prevents session.verify to be set to False.

I would change if ssl_ca_bundle := ssl_config.get(CA_BUNDLE): by (ssl_ca_bundle := ssl_config.get(CA_BUNDLE)) is not None

Cheers,

Ménélik

Willingness to contribute

• I can contribute a fix for this bug independently
• I would be willing to contribute a fix for this bug with guidance from the Iceberg community
• I cannot contribute a fix for this bug at this time