From 5c2ef48917c5802239afca89e5a15bca6c00be51 Mon Sep 17 00:00:00 2001 From: Will Miao Date: Sat, 30 May 2026 21:47:13 +0800 Subject: [PATCH] fix(aria2): apply certifi CA bundle to aria2c via --ca-certificate When certifi is available, pass its CA bundle path as --ca-certificate to the aria2c subprocess so that aria2 downloads use the same certificate store as Python aiohttp downloads. Graceful fallback when certifi is not installed. --- py/services/aria2_downloader.py | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/py/services/aria2_downloader.py b/py/services/aria2_downloader.py index 0875905d..3b4cddd9 100644 --- a/py/services/aria2_downloader.py +++ b/py/services/aria2_downloader.py @@ -20,6 +20,24 @@ from .settings_manager import get_settings_manager logger = logging.getLogger(__name__) +def _try_certifi_ca_path() -> str | None: + """Return the certifi CA bundle path if available, else None.""" + try: + import certifi # type: ignore[import-untyped] + + path = certifi.where() + if os.path.isfile(path): + logger.debug( + "aria2 --ca-certificate: using certifi CA bundle at %s", path + ) + return path + except ImportError: + pass + + logger.debug("aria2 --ca-certificate: certifi not available") + return None + + CIVITAI_DOWNLOAD_URL_PREFIXES = ( "https://civitai.com/api/download/", "https://civitai.red/api/download/", @@ -423,6 +441,11 @@ class Aria2Downloader: f"--rpc-listen-port={self._rpc_port}", f"--rpc-secret={self._rpc_secret}", "--check-certificate=true", + # Point aria2 at certifi's CA bundle when available so it uses + # the same certificate store as Python downloads. + *(( + f"--ca-certificate={ca_cert}", + ) if (ca_cert := _try_certifi_ca_path()) else ()), "--allow-overwrite=true", "--auto-file-renaming=false", "--file-allocation=none",