fix: validate CA certificate file exists before SSL context creation

atomicturtle · atomicturtle · commit e2d9cc4a3c07 · 2026-01-07T15:16:45.000-05:00
Add file existence check for CA certificate before passing to
ssl.create_default_context(). This prevents runtime errors when
the CA cert file is missing or path is incorrect.

Addresses Copilot suggestion.

Signed-off-by: Scott R. Shinn &lt;scott@atomicorp.com&gt;
diff --git a/tools/chelon_client.py b/tools/chelon_client.py
@@ -91,8 +91,11 @@ def _make_request(self, endpoint: str, data: Dict[str, Any]) -> Dict[str, Any]:
         
         # Setup SSL context
         if self.verify_ssl:
-            # When verifying SSL, use the provided CA certificate file
-            ssl_context = ssl.create_default_context(cafile=str(self.ca_cert))
+            # When verifying SSL, ensure the provided CA certificate file exists before using it
+            ca_cert_path = Path(self.ca_cert) if not isinstance(self.ca_cert, Path) else self.ca_cert
+            if not ca_cert_path.is_file():
+                raise ChelonClientError(f"CA certificate file not found: {ca_cert_path}")
+            ssl_context = ssl.create_default_context(cafile=str(ca_cert_path))
         else:
             # When not verifying SSL, do not load a CA file
             ssl_context = ssl.create_default_context()
