Trino connector: incorrect handling of SSL verify parameter - passing dict instead of path or False #24661
Description
In the Trino connector implementation, the SSL verify parameter is being handled incorrectly.
in the file
the code assigns a dict to verify, but this parameter should accept either:
a boolean (True/False), or
a path to a CA certificate file (string)
Passing a dict breaks the expected behavior of the underlying HTTP client used for Trino connections.
How to reproduce
Configure a Trino ingestion connection over HTTPS.
Provide a custom CA certificate path or set verify: false in the connection configuration.
The ingestion process either fails during connection or does not correctly apply the SSL verification options, because the code transforms verify into a dict instead of using the actual provided value.
Expected behavior
When verify is set to a file path, the Trino connection should use that CA certificate.
When verify is set to False, SSL verification should be disabled.
The connector should pass the value directly to the underlying HTTP library, which follows the standard requests semantics (verify accepts True, False, or a path string).
Proposed fix
Replace the current logic (which constructs a dict for verify) with a direct assignment:
- connection_args.root['verify'] = { ... } # currently creates a dict (incorrect)
- connection_args.root['verify'] = connection.verify # correctly accepts path or False
This ensures that the connector behaves consistently with Python’s standard SSL verification handling.
Why this matters
Enables proper use of custom CA certificates (enterprise/internal PKI).
Allows disabling SSL verification when required for testing or controlled environments.
Restores compatibility with how the underlying HTTP libraries expect the verify parameter.