How to set/find the ca_certs argument in python ss

Posted 2019-05-05 09:05

Question:

I'm trying to write a Python 2.7 script that connects to a server via an SSL or TLS socket. The server exists and can provide its certificate etc.

I have found the following code:

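import socket
import ssl

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Wrap the TCP socket in TLS and require a valid server certificate
ssl_sock = ssl.wrap_socket(s,
                       ca_certs="/etc/ca_certs_file",
                       cert_reqs=ssl.CERT_REQUIRED)
ssl_sock.connect((serverName, portNumber))  # serverName and portNumber are defined elsewhere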

I do not understand what the ca_certs argument is. Is this supposed to be a file that currently exists on my computer? If yes, how do I know where it is? I have looked on my Linux computer (Raspberry Pi with Debian) and found a lot of .pem files in my /etc/ssl/cert directory. Should I set the ca_certs argument to one of them? If yes, which one should I choose? If no, what should I set it to?

Answer 1:

It turns out that the cert file is a file that should already exist on the OS, and which contains a concatenated list of root (and/or intermediate? not sure about that) certificates that are trusted by the OS. In my case, on Raspberry Pi Debian, it's /etc/ssl/certificates/ca-certificates.crt

If you have certificates that you wish to trust, you can get them added to this file with the Linux command update-ca-certificates. This will read the file /etc/ca-certificates.conf, which should contain the list of certificates you wish to trust. (By default it will try to find those certificates in /usr/share/ca-certificates.)
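As an added example (not part of the original question or answer): a sketch that locates the OS CA bundle instead of hard-coding a path, then connects using the SSLContext API (Python 2.7.9+ and 3), since ssl.wrap_socket was removed in Python 3.12 and never checked the server hostname. The candidate path list and the function names are assumptions chosen for illustration.

```python
import os
import socket
import ssl

# Common bundle locations (assumed list; distributions differ).
CANDIDATES = [
    "/etc/ssl/certs/ca-certificates.crt",  # Debian, Ubuntu, Raspbian
    "/etc/pki/tls/certs/ca-bundle.crt",    # RHEL, Fedora
    "/etc/ssl/cert.pem",                   # Alpine, BSD, macOS
]

def find_ca_bundle(candidates=CANDIDATES):
    """Return the path of a concatenated PEM CA bundle, or None."""
    paths = ssl.get_default_verify_paths()
    # Ask the ssl module first, then fall back to well-known locations.
    for path in [paths.cafile, paths.openssl_cafile] + list(candidates):
        if path and os.path.isfile(path):
            return path
    return None

def count_certs(pem_text):
    """Count certificates in a concatenated PEM bundle."""
    return pem_text.count("-----BEGIN CERTIFICATE-----")

def make_verifying_context(cafile=None):
    """Context that requires a valid chain AND a matching hostname.
    cafile=None means: use the operating system's default trust store."""
    ctx = ssl.create_default_context(cafile=cafile)
    assert ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname
    return ctx

def connect_verified(host, port, cafile=None, timeout=10):
    """Open a TLS connection; raises ssl.SSLError if verification fails."""
    ctx = make_verifying_context(cafile)
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        # server_hostname enables SNI and hostname verification.
        return ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise

if __name__ == "__main__":
    bundle = find_ca_bundle()
    print("CA bundle:", bundle)
    if bundle:
        with open(bundle) as fh:
            print("certificates in bundle:", count_certs(fh.read()))
```

Pass `cafile` only when the server's certificate is issued by a private CA that is not in the system store; otherwise leave it as None.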