From 75b4015fdb102039f1630595fb755fe8b594493a Mon Sep 17 00:00:00 2001
From: Alex Burlacu <alex.burlacu@clear.ml>
Date: Wed, 19 Jul 2023 02:09:49 +0300
Subject: [PATCH] Fix misconfigured boto3 bucket credentials verify

---
 clearml/backend_config/bucket_config.py | 8 ++++++--
 clearml/storage/helper.py               | 8 +++++++-
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/clearml/backend_config/bucket_config.py b/clearml/backend_config/bucket_config.py
index 49086cec..0bc5ac8e 100644
--- a/clearml/backend_config/bucket_config.py
+++ b/clearml/backend_config/bucket_config.py
@@ -31,7 +31,7 @@ class S3BucketConfig(object):
     acl = attrib(type=str, converter=_none_to_empty_string, default="")
     secure = attrib(type=bool, default=True)
     region = attrib(type=str, converter=_none_to_empty_string, default="")
-    verify = attrib(type=bool, default=True)
+    verify = attrib(type=bool, default=None)
     use_credentials_chain = attrib(type=bool, default=False)
     extra_args = attrib(type=dict, default=None)
 
@@ -106,6 +106,7 @@ class S3BucketConfigurations(BaseBucketConfigurations):
         default_use_credentials_chain=False,
         default_token="",
         default_extra_args=None,
+        default_verify=None,
     ):
         super(S3BucketConfigurations, self).__init__()
         self._buckets = buckets if buckets else list()
@@ -116,6 +117,7 @@ class S3BucketConfigurations(BaseBucketConfigurations):
         self._default_multipart = True
         self._default_use_credentials_chain = default_use_credentials_chain
         self._default_extra_args = default_extra_args
+        self._default_verify = default_verify
 
     @classmethod
     def from_config(cls, s3_configuration):
@@ -129,6 +131,7 @@ class S3BucketConfigurations(BaseBucketConfigurations):
         default_region = s3_configuration.get("region", "") or getenv("AWS_DEFAULT_REGION", "")
         default_use_credentials_chain = s3_configuration.get("use_credentials_chain") or False
         default_extra_args = s3_configuration.get("extra_args")
+        default_verify = s3_configuration.get("verify", None)
 
         default_key = _none_to_empty_string(default_key)
         default_secret = _none_to_empty_string(default_secret)
@@ -142,7 +145,8 @@ class S3BucketConfigurations(BaseBucketConfigurations):
             default_region,
             default_use_credentials_chain,
             default_token,
-            default_extra_args
+            default_extra_args,
+            default_verify,
         )
 
     def add_config(self, bucket_config):
diff --git a/clearml/storage/helper.py b/clearml/storage/helper.py
index f5aea115..f7ef6008 100644
--- a/clearml/storage/helper.py
+++ b/clearml/storage/helper.py
@@ -437,12 +437,18 @@ class _Boto3Driver(_Driver):
             self.name = name[5:]
             endpoint = (('https://' if cfg.secure else 'http://') + cfg.host) if cfg.host else None
 
+            verify = cfg.verify
+            if verify is True:
+                # True is a non-documented value for boto3, use None instead (which means verify)
+                print("Using boto3 verify=None instead of true")
+                verify = None
+
             # boto3 client creation isn't thread-safe (client itself is)
             with self._creation_lock:
                 boto_kwargs = {
                     "endpoint_url": endpoint,
                     "use_ssl": cfg.secure,
-                    "verify": cfg.verify,
+                    "verify": verify,
                     "region_name": cfg.region or None,  # None in case cfg.region is an empty string
                     "config": botocore.client.Config(
                         max_pool_connections=max(