Description
When one uses zero trust solutions like ZScaler or Netskope they act like a proxy and inject their own ssl certificate. This often results in ssl cert verification errors like
An error occurred: HTTPSConnectionPool(host='xxx.xxx.xxx', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1018)')))
The python requests library allows one to set an env variable for REQUESTS_CA_BUNDLE which it will load. You import the security vendor's root cert into certifi and point to its truststore and the ssl verification succeeds.
I found a long bug thread for aiohttp discussing this, and they suggest ways to construct the sslContext for users of aiohttp to address this same concern without using ENV variables.
The problem is that one can't do this when aiohttp is used in some other project...in this case the okta client.
I am unable to use the okta client and have to rewrite everything using the requests library...which I have working.
Is there a way to configure the okta client to be aware of custom certs and pass them to aiohttp appropriately?
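The SSL context construction mentioned above, as an added example that is not part of the original issue and is not code from the okta client or aiohttp: it adds the proxy vendor's root CA to the default trust store while keeping certificate and hostname verification on. The function names are hypothetical, the use of `SSL_CERT_FILE` as a fallback is an assumption, and whether the okta client offers a way to hand this context to aiohttp is not established here.

```python
import os
import ssl
from pathlib import Path

# Checked in order. REQUESTS_CA_BUNDLE is the variable named in the issue;
# SSL_CERT_FILE is OpenSSL's conventional one (assumed fallback).
CA_ENV_VARS = ("REQUESTS_CA_BUNDLE", "SSL_CERT_FILE")


def find_ca_bundle(environ=os.environ):
    """Return the first CA bundle path set in the environment, or None."""
    for name in CA_ENV_VARS:
        value = environ.get(name)
        if value:
            return Path(value)
    return None


def build_ssl_context(ca_bundle=None):
    """Verifying context: system trust store plus an optional extra CA bundle."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and hostname checking
    if ca_bundle is not None:
        ca_bundle = Path(ca_bundle)
        if not ca_bundle.is_file():
            raise FileNotFoundError(f"CA bundle not found: {ca_bundle}")
        # Adds to the default roots rather than replacing them.
        # Raises ssl.SSLError if the file holds no usable PEM certificate.
        ctx.load_verify_locations(cafile=str(ca_bundle))
    # Refuse to hand back a context that has had verification weakened.
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        raise RuntimeError("TLS verification must stay enabled")
    return ctx


async def fetch_status(url, environ=os.environ):
    """GET url through aiohttp with the context above; returns the HTTP status."""
    import aiohttp  # lazy import: the helpers above need only the stdlib

    ctx = build_ssl_context(find_ca_bundle(environ))
    connector = aiohttp.TCPConnector(ssl=ctx)
    async with aiohttp.ClientSession(connector=connector) as session:
        async with session.get(url) as resp:
            return resp.status
```

The context is only useful where the caller controls the aiohttp session or connector; a library that builds its own session internally has to accept the context or a CA path through its configuration.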