Outbound: Specify the OpenSSL Root CA Bundle when making SDS requests#191

Merged
adrianclay merged 15 commits into main from NIAD-3169-certificate-fix
Sep 6, 2024

@Alex-Nita Alex-Nita commented Aug 30, 2024

What + Why

When testing the Adaptor in PTL, we noticed that the first Outbound request would return a successful response, and then all subsequent requests returned a 500. We narrowed the issue down to the tornado HTTP client reusing the last CA Bundle it was given if no CA Bundle was explicitly specified. After the first request, this meant that SDS requests were trying to validate the authenticity of the SDS API by using the NHS root certificates (because the last request made was to Spine).

To work around this Tornado issue, we've changed our CommonHttps.make_request method to explicitly specify the OpenSSL root CA bundle in the case that no bundle is provided. This should only affect the calls to the FHIR SDS API, as that's the only HTTP server we call that uses a standard certificate. Calls to Spine use the NHS certificates passed in as environment variables.

Type of change

Bug fix (non-breaking change which fixes an issue)

Checklist:

  • I have performed a self-review of my code
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • I have updated the Changelog with details of my change in the UNRELEASED section if this change will affect end users. No CHANGELOG entry required, as this fixes a bug in code which hasn't been released yet.

@Alex-Nita Alex-Nita requested a review from adrianclay August 30, 2024 09:49
Comment thread mhs/outbound/main.py Outdated
Comment thread common/comms/common_https.py Outdated
@Alex-Nita Alex-Nita changed the title Updated tornado http client config to use the simple client instead of curl Fix certificate issues Sep 4, 2024
Comment thread mhs/outbound/main.py Outdated
Comment thread mhs/outbound/main.py Outdated
@adrianclay adrianclay changed the title Fix certificate issues Specify the OpenSSL Root CA Bundle when making SDS requests Sep 6, 2024
@adrianclay adrianclay changed the title Specify the OpenSSL Root CA Bundle when making SDS requests Outbound: Specify the OpenSSL Root CA Bundle when making SDS requests Sep 6, 2024
@adrianclay adrianclay merged commit 94a6433 into main Sep 6, 2024
@adrianclay adrianclay deleted the NIAD-3169-certificate-fix branch September 6, 2024 15:24
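
A model of the failure and the workaround described in the pull request description, as an added example that is not the project's code. `ReusedHandle` is a hypothetical stand-in for a client handle that keeps the last CA bundle it was given, `resolve_ca_certs` is a hypothetical helper, the paths and URLs are constructed, and locating the OpenSSL bundle with `ssl.get_default_verify_paths()` is an assumption about how it could be done.

```python
import ssl
from typing import List, Optional

# Constructed sample values, not taken from the pull request.
NHS_BUNDLE = "/constructed/nhs-root-ca.pem"
SPINE_URL = "https://spine.example/"
SDS_URL = "https://sds.example/"


def default_openssl_ca_bundle() -> str:
    """CA file OpenSSL uses by default (honours SSL_CERT_FILE)."""
    cafile = ssl.get_default_verify_paths().cafile
    if cafile is None:
        raise RuntimeError("no default OpenSSL CA file; set SSL_CERT_FILE")
    return cafile


def resolve_ca_certs(ca_certs: Optional[str], default: Optional[str] = None) -> str:
    """Never return None: a request without a bundle gets the default one."""
    if ca_certs is not None:
        return ca_certs
    return default if default is not None else default_openssl_ca_bundle()


class ReusedHandle:
    """Model of a pooled client handle whose CA option is set but never reset."""

    def __init__(self) -> None:
        self.cainfo: Optional[str] = None  # None means "library default"

    def fetch(self, url: str, ca_certs: Optional[str] = None) -> Optional[str]:
        if ca_certs is not None:
            self.cainfo = ca_certs
        # With no bundle given, the previous request's value stays in force.
        return self.cainfo  # trust store this request is verified against


def trust_stores_used(explicit: bool, default: str) -> List[Optional[str]]:
    """SDS lookup, Spine call, then another SDS lookup on one reused handle."""
    handle = ReusedHandle()
    calls = [(SDS_URL, None), (SPINE_URL, NHS_BUNDLE), (SDS_URL, None)]
    used = []
    for url, bundle in calls:
        if explicit:
            bundle = resolve_ca_certs(bundle, default)
        used.append(handle.fetch(url, bundle))
    return used
```

Without the explicit bundle, the third call is verified against the NHS roots left over from the Spine call; with it, each call is verified against the trust store intended for its destination.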