In some scenarios the user may want to switch on the TLS certificate verification and use a custom CA list file or a bundle. For that purpose, we have the configuration key called trusted_ca. It should be set to a path to the file or a directory with the CA list. This setting is applicable for communication with both the database and the bucket-fs.
The problem arises when we want to pass the bucket-fs connection parameters to a UDF. In order to communicate to the bucket-fs service in exactly the same way as the external application the UDF needs to have access to the custom CA list. Hence the CA list must be uploaded to the file system of the SLC or to the bucket-fs itself where it can be accessed through the mounted directory.
In some scenarios the user may want to switch on the TLS certificate verification and use a custom CA list file or a bundle. For that purpose, we have the configuration key called
trusted_ca. It should be set to a path to the file or a directory with the CA list. This setting is applicable for communication with both the database and the bucket-fs.The problem arises when we want to pass the bucket-fs connection parameters to a UDF. In order to communicate to the bucket-fs service in exactly the same way as the external application the UDF needs to have access to the custom CA list. Hence the CA list must be uploaded to the file system of the SLC or to the bucket-fs itself where it can be accessed through the mounted directory.