apache · potiuk · Feb 8, 2024 · Feb 7, 2024 · Feb 7, 2024 · Feb 7, 2024
diff --git a/airflow/providers/mongo/hooks/mongo.py b/airflow/providers/mongo/hooks/mongo.py
@@ -19,7 +19,6 @@
 from __future__ import annotations
 
 import warnings
-from ssl import CERT_NONE
 from typing import TYPE_CHECKING, Any, overload
 from urllib.parse import quote_plus, urlunsplit
 
@@ -75,6 +74,10 @@ def __init__(self, mongo_conn_id: str = default_conn_name, *args, **kwargs) -> N
         self.client: MongoClient | None = None
         self.uri = self._create_uri()
 
+        self.allow_insecure = True
+        if self.extras.get("ssl", False):
+            self.allow_insecure = False
+
     def __enter__(self):
         return self
 
@@ -96,14 +99,8 @@ def get_conn(self) -> MongoClient:
         # Mongo Connection Options dict that is unpacked when passed to MongoClient
         options = self.extras
 
-        # If we are using SSL disable requiring certs from specific hostname
-        if options.get("ssl", False):
-            if pymongo.__version__ >= "4.0.0":
-                # In pymongo 4.0.0+ `tlsAllowInvalidCertificates=True`
-                # replaces `ssl_cert_reqs=CERT_NONE`
-                options.update({"tlsAllowInvalidCertificates": True})
-            else:
-                options.update({"ssl_cert_reqs": CERT_NONE})
+        # set the tlsAllowInvalidCertificates based on allow_insecure
+        options["tlsAllowInvalidCertificates"] = self.allow_insecure
 
         self.client = MongoClient(self.uri, **options)
         return self.client