[Bug] google-genai Python SDK overrides 'verify=False' in HttpOptions due to truthiness evaluation quirk

[GrahamAtGEA]

Title:

[Bug] google-genai Python SDK overrides 'verify=False' in HttpOptions due to truthiness evaluation quirk

Description:

When attempting to disable SSL verification in corporate, air-gapped, or specific local-first developer environments (where local proxies or specific certificate authorities trigger [SSL: CERTIFICATE_VERIFY_FAILED] exceptions), passing verify=False to the SDK’s client initialization fails silently.

The configuration is overwritten back to the default strict SSL context, preventing developers from bypassing standard certificate handshakes natively via boolean arguments.

Root Cause Analysis:

Within the network/client transport layer mapping function that evaluates http_options and its underlying dictionary or class arguments, the conditional statement checking if a custom context or validation constraint has been intentionally altered likely relies on a check similar to:

if not ctx:
    # Overwrite or fallback to standard strict default SSL verification

Because False is structurally falsy in Python, not False evaluates to True. Consequently, when a developer intentionally sets verify=False to disable checks via standard HTTP-client convention (akin to httpx or requests), the SDK misinterprets the explicit instruction as an empty, unconfigured state and silently restores the default verifying SSL engine.

Verified Workaround:

The bug can be bypassed by constructing and passing an explicit, unverified custom ssl.SSLContext object instead of a boolean value, forcing the truthiness evaluation to pass:

import ssl
from google import genai
from google.genai import types

# Workaround: Force a falsy context to look truthy to the SDK parser
unverified_ssl_context = ssl.create_default_context()
unverified_ssl_context.check_hostname = False
unverified_ssl_context.verify_mode = ssl.CERT_NONE

client = genai.Client(
    http_options=types.HttpOptions(
        client_args={'verify': unverified_ssl_context},
        async_client_args={'verify': unverified_ssl_context}
    )
)

Steps to Reproduce:

1. Initialize the client on a machine/network requiring an unverified SSL environment (e.g., behind an inspection proxy).
2. Set client = genai.Client(http_options=types.HttpOptions(client_args={'verify': False})).
3. Try any basic text generation loop like client.models.generate_content(...).
4. Observe that the configuration is ignored and the execution raises [SSL: CERTIFICATE_VERIFY_FAILED].

Expected Behavior:

Setting verify=False should be natively honored and passed cleanly down to the underlying HTTP client transport layer without being caught and overwritten by default configurations.

---