fix ssl deactivation from catalog properties #2985

MenelikV · MenelikV · commit 9e3efa8acc84 · 2026-02-09T13:14:41.000+01:00
diff --git a/pyiceberg/catalog/rest/__init__.py b/pyiceberg/catalog/rest/__init__.py
@@ -358,7 +358,7 @@ def _create_session(self) -> Session:
 
         # Sets the client side and server side SSL cert verification, if provided as properties.
         if ssl_config := self.properties.get(SSL):
-            if ssl_ca_bundle := ssl_config.get(CA_BUNDLE):
+            if (ssl_ca_bundle := ssl_config.get(CA_BUNDLE)) is not None:
                 session.verify = ssl_ca_bundle
             if ssl_client := ssl_config.get(CLIENT):
                 if all(k in ssl_client for k in (CERT, KEY)):
diff --git a/tests/catalog/test_rest.py b/tests/catalog/test_rest.py
@@ -47,7 +47,7 @@
     NoSuchViewError,
     OAuthError,
     ServerError,
-    TableAlreadyExistsError,
+    TableAlreadyExistsError, ValidationError,
 )
 from pyiceberg.io import load_file_io
 from pyiceberg.partitioning import PartitionField, PartitionSpec
@@ -1641,6 +1641,29 @@ def test_update_namespace_properties_invalid_namespace(rest_mock: Mocker) -> Non
     assert "Empty namespace identifier" in str(e.value)
 
 
+def test_with_disabled_ssl_ca_bundle(rest_mock: Mocker) -> None:
+    from pydantic import ValidationError
+    def ssl_check_callback(req, _):
+        if req.verify:
+            raise AssertionError("SSL verification is  still enabled")
+    # Given
+    rest_mock.get(
+        f"{TEST_URI}v1/config",
+        json=ssl_check_callback,
+        status_code=200,
+    )
+    # Given
+    catalog_properties = {
+        "uri": TEST_URI,
+        "token": TEST_TOKEN,
+        "ssl": {
+            "cabundle": False,
+        }
+    }
+    with pytest.raises(ValidationError) as _:
+        RestCatalog("rest", **catalog_properties)
+
+
 def test_request_session_with_ssl_ca_bundle(monkeypatch: pytest.MonkeyPatch) -> None:
     # Given
     catalog_properties = {
