From 3d60611f1c6a1766d91115209bb0d3400308ac82 Mon Sep 17 00:00:00 2001
From: Jon Levell
Date: Mon, 14 Oct 2024 12:20:59 +0100
Subject: [PATCH] [patch] add caFile: '_os_' as a way to use OS/python truststore (#214)

Co-authored-by: Jon Levell
---
 docs/application/config.md | 2 +-
 docs/device/config.md | 2 +-
 docs/gateway/config.md | 2 +-
 src/wiotp/sdk/client.py | 3 +++
 4 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/docs/application/config.md b/docs/application/config.md
index 3bb720e2..c4e165a8 100644
--- a/docs/application/config.md
+++ b/docs/application/config.md
@@ -17,7 +17,7 @@ Application configuration can be broken down into required and optional configur
 - `options.mqtt.cleanStart` A boolean value indicating whether to discard any previous state when reconnecting to the service. Defaults to `False`.
 - `options.mqtt.sessionExpiry` When cleanStart is disabled, defines the maximum age of the previous session (in seconds). Defaults to `False`.
 - `options.mqtt.keepAlive` Control the frequency of MQTT keep alive packets (in seconds). Details to `60`.
-- `options.mqtt.caFile` A String value indicating the path to a CA file (in pem format) to use in verifying the server certificate. Defaults to `messaging.pem` inside this module.
+- `options.mqtt.caFile` A String value indicating the path to a CA file (in pem format) to use in verifying the server certificate. Defaults to `messaging.pem` inside this module. Use the special string `"_os_"` to use default python/OS truststore.
 The config parameter when constructing an instance of `wiotp.sdk.application.ApplicationClient` expects to be passed a dictionary containing this configuration:
diff --git a/docs/device/config.md b/docs/device/config.md
index 7ebd47a3..39e316b9 100644
--- a/docs/device/config.md
+++ b/docs/device/config.md
@@ -16,7 +16,7 @@ Device configuration can be broken down into required and optional configuration
 - `options.mqtt.cleanStart` A boolean value indicating whether to discard any previous state when reconnecting to the service. Defaults to `False`.
 - `options.mqtt.sessionExpiry` When cleanStart is disabled, defines the maximum age of the previous session (in seconds). Defaults to `False`.
 - `options.mqtt.keepAlive` Control the frequency of MQTT keep alive packets (in seconds). Details to `60`.
-- `options.mqtt.caFile` A String value indicating the path to a CA file (in pem format) to use in verifying the server certificate. Defaults to `messaging.pem` inside this module.
+- `options.mqtt.caFile` A String value indicating the path to a CA file (in pem format) to use in verifying the server certificate. Defaults to `messaging.pem` inside this module. Use the special string `"_os_"` to use default python/OS truststore.
 The config parameter when constructing an instance of `wiotp.sdk.device.DeviceClient` expects to be passed a dictionary containing this configuration:
diff --git a/docs/gateway/config.md b/docs/gateway/config.md
index 69316bcc..1946002e 100644
--- a/docs/gateway/config.md
+++ b/docs/gateway/config.md
@@ -16,7 +16,7 @@ Gateway configuration can be broken down into required and optional configuratio
 - `options.mqtt.cleanStart` A boolean value indicating whether to discard any previous state when reconnecting to the service. Defaults to `False`.
 - `options.mqtt.sessionExpiry` When cleanStart is disabled, defines the maximum age of the previous session (in seconds). Defaults to `False`.
 - `options.mqtt.keepAlive` Control the frequency of MQTT keep alive packets (in seconds). Details to `60`.
-- `options.mqtt.caFile` A String value indicating the path to a CA file (in pem format) to use in verifying the server certificate. Defaults to `messaging.pem` inside this module.
+- `options.mqtt.caFile` A String value indicating the path to a CA file (in pem format) to use in verifying the server certificate. Defaults to `messaging.pem` inside this module. Use the special string `"_os_"` to use default python/OS truststore.
 The config parameter when constructing an instance of `wiotp.sdk.gateway.GatewayClient` expects to be passed a dictionary containing this configuration:
diff --git a/src/wiotp/sdk/client.py b/src/wiotp/sdk/client.py
index 869727f2..78639075 100644
--- a/src/wiotp/sdk/client.py
+++ b/src/wiotp/sdk/client.py
@@ -176,6 +176,9 @@ def __init__(
 # Path to default CA certificate if none provided
 if caFile is None:
 caFile = os.path.dirname(os.path.abspath(__file__)) + "/messaging.pem"
+ elif caFile == "_os_":
+ self.logger.debug("Using OS trust store for certification verification")
+ caFile=None
 self.client.tls_set(
 ca_certs=caFile,
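Review bot: The new `elif caFile == "_os_":` branch replaces the bundled `messaging.pem` with the platform trust store, which widens the set of CAs accepted for the server certificate, but it records that only at debug level and with a misworded message; I would write `self.logger.info("Using OS trust store for certificate verification")` and `caFile = None` (PEP 8 spacing). The branch depends on `tls_set` treating `ca_certs=None` as "load the default store"; that behaviour and the remaining `tls_set(` arguments lie outside this hunk, so it is worth confirming that certificate and hostname checking stay enabled on this path. The diffstat lists no test file, so a unit test asserting that `"_os_"` reaches `tls_set` as `ca_certs=None` would pin the behaviour. `__init__` starts before the hunk and the `tls_set(` call ends after it.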