Add default locations for CA file

Try to use default locations for CA files on RHEL/AlmaLinux and Ubuntu/Debian if the CA file location has not been configured by the user, so that Linux users usually don't have to configure a CA file themselves.
UtrechtUniversity · Nov 21, 2024 · 1b7b357 · 1b7b357
1 parent d8d3379
commit 1b7b357
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Change log
 
+## UNRELEASED
+
+- Add some default values for the CA file location that also work in non-Yoda-server environments.
+
 ## 2024-10-14 v1.4.0
 
 - Add support for new Python version of user exists rule (YDA-5393)

diff --git a/yclienttools/common_config.py b/yclienttools/common_config.py
@@ -9,8 +9,19 @@
 
 
 def get_ca_file() -> str:
-    return _get_parameter_with_default(
-        "ca_file", "/etc/irods/localhost_and_chain.crt")
+    configured_ca_file = _get_parameter_from_config("ca_file")
+    if configured_ca_file is None:
+        for standard_location in ["/etc/ssl/certs/ca-certificates.crt",
+                                  "/etc/pki/tls/certs/ca-bundle.crt",
+                                  "/etc/irods/localhost_and_chain.crt"]:
+            if os.path.isfile(standard_location):
+                return standard_location
+
+        print("Error: could not find CA bundle in a standard location. You will need to configure it (see the README file for details)")
+        sys.exit(1)
+
+    else:
+        return configured_ca_file
 
 
 def get_default_yoda_version() -> str: