Python requests: load SSL certificate from database

Question

I am using requests to consume a web service in https protocol. I used to verify the server certificate by setting verify as the file path to the certificate.

But now I want to store the server certificate to the database. At the runtime, the certificate will be loaded in memory as a string.

The question is whether it is possible to pass the server certificate to requests as string.

One more thought: is it possible to point verify to a cert file in Cloud storage such as Amazon S3, Google storage etc?

Answer 1

As far as I can tell, no, verify should be a boolean, or a path to a certificate file, or a path to a directory containing certificates. There is no easy way to circumvent this.

You could retrieve the certificate from the database, write it to a temporary file, and then pass the path to the temporary file to requests.

from tempfile import NamedTemporaryFile

with NamedTemporaryFile() as f:
    f.write(get_cert_from_db())
    f.flush()    # ensure all data written
    r = requests.get(url, verify=f.name)

The temporary file will automatically be closed and removed once the scope of the context manager (created with with) is exited. The file does actually exist on disk until it is closed, and could therefore be viewed by other processes, so you need to consider whether that's acceptable for the certificate in question.