publish single with TLS ca_certs from server #518

Closed
IsmaeelHaider opened this issue Oct 1, 2020 · 4 comments

@IsmaeelHaider

IsmaeelHaider commented Oct 1, 2020

Hi,
I'm trying to connect to "mqtts://broker.emqx.io:8883" using paho mqtt but getting the invalid certificate error.
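```python
import ssl
import paho.mqtt.client as mqtt
import paho.mqtt.publish as publish

payload = "test"  # placeholder; the original post did not show the payload
# Verify the broker against the CA bundle in certificate.pem
tls = {'ca_certs': "certificate.pem", 'insecure': False, 'tls_version': ssl.PROTOCOL_TLS_CLIENT}
publish.single(topic="testtopic", payload=payload, hostname="broker.emqx.io",
               auth={}, port=8883, tls=tls, protocol=mqtt.MQTTv311)
```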

I don't want it to be insecure and want to get the certificate from the server instead of providing a certificate file manually. It would be a great help if someone could guide me in the right direction.

@runout-at

The following works, at least under Debian: `tls={'ca_certs':"/etc/ssl/certs/ca-certificates.crt"}`

But I think `ca_certs` should be auto-detected from the system if not provided.

The documentation should have some useful examples for `ca_certs`.

@MattBrittan
Contributor

Closing this due to inactivity.

Unfortunately answering certificate related issues like this can be difficult without a reproducible example (often the issue is the certificate itself).

@runout-at

@MattBrittan I wonder why you are closing this without asking for more information if something is not clear.

In my opinion the examples are there.

And as I found out, it's just a missing default for the `ca_certs` file. At least on a Debian stable (bookworm) system this is reproducible.

@MattBrittan
Contributor

@runout-at there were around 300 open issues dating back many years, many of which had no responses at all. I'm attempting to get things into a manageable state so that issues can be categorised/resolved in a reasonable time-frame (as things stand the issue backlog is very intimidating, so has been largely ignored; resources are very limited). As you can probably understand, working through this number of issues takes a considerable amount of time, and I will make mistakes (and am deliberately being somewhat ruthless through necessity).

In this case the issue was really a request for help, and as it was raised over three years ago closing it seemed the best approach (I probably should have added a "please reopen this if you are still experiencing the issue" as I have to many others). In addition, the issue you mention appears to differ from the OP's (they specified 'ca_certs': "certificate.pem").

> And as I found out, it's just a missing default for the `ca_certs` file. At least on a Debian stable (bookworm) system this is reproducible.

Please consider raising this as a new issue (the docs state that "By default, on Python 2.7.9+ or 3.4+, the default certification authority of the system is used." so if that's not working then it's possibly a bug or deficiency in the docs).
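
One way to keep certificate verification on without shipping a CA file, as an added example (not code from this issue or from paho-mqtt): build an `ssl.SSLContext` from the system trust store, check what it will enforce, and pass it as `tls`. The helper names are hypothetical, and it assumes a paho-mqtt release whose `publish.single` accepts an `SSLContext` for `tls`.

```python
import socket
import ssl


def build_verified_context(cafile=None):
    """Client context that checks the broker's chain and hostname."""
    # cafile=None loads the system trust store; a path pins one CA bundle instead.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def describe_trust(ctx):
    """Summarise what the context enforces and where default CAs come from."""
    paths = ssl.get_default_verify_paths()
    return {
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "default_cafile": paths.cafile,   # None when the bundle file is absent
        "default_capath": paths.capath,   # CAs in a directory are loaded lazily
    }


def probe(hostname, port=8883, cafile=None, timeout=10):
    """Handshake only: report the exact verification failure, if any."""
    ctx = build_verified_context(cafile)
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls_sock:
                return "ok: " + tls_sock.version()
    except ssl.SSLCertVerificationError as exc:
        return "verify failed: " + exc.verify_message
    except OSError as exc:
        return "connect failed: " + str(exc)


def publish_verified(topic, payload, hostname, port=8883, cafile=None):
    # Imported here so the helpers above run without paho-mqtt installed.
    import paho.mqtt.publish as publish
    publish.single(topic, payload=payload, hostname=hostname, port=port,
                   tls=build_verified_context(cafile))


if __name__ == "__main__":
    print(describe_trust(build_verified_context()))
    print(probe("broker.emqx.io"))
```

If `probe` reports a verification failure with the system store but succeeds with a specific `cafile`, the broker's issuing CA is not in the system trust store.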
