From 7d2e3dc9524f4b3958adde1b1ce98be8e6c81b21 Mon Sep 17 00:00:00 2001
From: German Giraldo <german.giraldovilla@epfl.ch>
Date: Fri, 20 Jun 2025 11:18:30 +0200
Subject: [PATCH] Add ssl context for host verification in httpx client

---
 .../status/health_check/health_checker_cluster.py          | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/firecrest/status/health_check/health_checker_cluster.py b/src/firecrest/status/health_check/health_checker_cluster.py
index e090dd26..fab77db1 100644
--- a/src/firecrest/status/health_check/health_checker_cluster.py
+++ b/src/firecrest/status/health_check/health_checker_cluster.py
@@ -22,6 +22,9 @@
 from lib.scheduler_clients.scheduler_base_client import SchedulerBaseClient
 from authlib.integrations.httpx_client import AsyncOAuth2Client
 from firecrest.plugins import settings
+import ssl
+import certifi
+import os
 
 
 class ClusterHealthChecker:
@@ -41,9 +44,13 @@ def __init__(self, cluster: HPCCluster, token_decoder: OIDCTokenAuth = None):
 
     async def check(self) -> None:
         try:
+            ctx = ssl.create_default_context(
+                cafile=os.environ.get("REQUESTS_CA_BUNDLE", certifi.where()),
+            )
             client = AsyncOAuth2Client(
                 self.cluster.service_account.client_id,
                 self.cluster.service_account.secret.get_secret_value(),
+                verify=ctx,
             )
 
             token = await client.fetch_token(