weewx-mqtt
Use OS TLS certs instead of specifying
I'm trying (and failing) to debug a new installation on Mac. I have the problem narrowed down to something having to do with the CA certificates file. During the course of debugging, I noticed that mosquitto_pub has a --tls-use-os-certs switch. Using that switch, I can publish to my broker no problem from the command line, but I'm still struggling to publish from weewx using ca_certs = /opt/homebrew/etc/ca-certificates/cert.pem in my weewx config.
Is there a way to just have the extension automatically pass the --tls-use-os-certs option so users don't have to manually specify a certs location?
Sorry -- of course, this is using the paho-mqtt client, not mosquitto, to publish. However, in the paho-mqtt documentation:
ca_certs a string path to the Certificate Authority certificate files that are to be treated as trusted by this client. If this is the only option given then the client will operate in a similar manner to a web browser. That is to say it will require the broker to have a certificate signed by the Certificate Authorities in ca_certs and will communicate using TLS v1, but will not attempt any form of authentication. This provides basic network encryption but may not be sufficient depending on how the broker is configured. By default, on Python 2.7.9+ or 3.4+, the default certification authority of the system is used. On older Python version this parameter is mandatory.
Does this mean there's a way to omit the ca_certs option and just allow paho-mqtt to automatically use the appropriate CA certs?
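The default-trust-store behaviour described in the quoted documentation can be inspected with Python's standard `ssl` module alone. The following is an added example, not code from weewx-mqtt or paho-mqtt; the function names `build_tls_context` and `describe_default_trust` are hypothetical, and only the `ca_certs` option name comes from this page.

```python
import os
import ssl


def build_tls_context(ca_certs=None):
    """Return a verifying client-side TLS context.

    ca_certs: optional path to a CA bundle (the option named on this page).
    When omitted, the default trust store of this Python build is used.
    """
    # PROTOCOL_TLS_CLIENT turns on CERT_REQUIRED and hostname checking.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if ca_certs:
        # Fail with a clear message instead of a later handshake error.
        if not os.path.isfile(ca_certs):
            raise FileNotFoundError("CA bundle not found: %s" % ca_certs)
        ctx.load_verify_locations(cafile=ca_certs)
    else:
        ctx.load_default_certs(ssl.Purpose.SERVER_AUTH)
    return ctx


def describe_default_trust():
    """Report where this Python's OpenSSL looks for default CA certificates."""
    paths = ssl.get_default_verify_paths()
    return {
        "cafile": paths.cafile,                  # resolved bundle, or None
        "capath": paths.capath,                  # resolved directory, or None
        "openssl_cafile": paths.openssl_cafile,  # compiled-in bundle path
        "openssl_capath": paths.openssl_capath,  # compiled-in directory path
        # Certificates in a capath directory are loaded lazily and are not
        # counted here, so 0 does not by itself prove the store is empty.
        "loaded_ca_count": len(build_tls_context().get_ca_certs()),
    }


if __name__ == "__main__":
    for key, value in describe_default_trust().items():
        print("%-16s %s" % (key, value))
    # With paho-mqtt installed, the context can be handed to the client:
    #   client.tls_set_context(build_tls_context())
```

If `cafile` and `capath` both come back as `None`, this Python build has no default CA location on disk, which is worth ruling out before comparing against what `mosquitto_pub --tls-use-os-certs` trusts.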