From 8baec26c98fc26022703b7f394735bd20c75f6cc Mon Sep 17 00:00:00 2001
From: Jim Halfpenny <jim@source321.com>
Date: Wed, 3 Sep 2025 07:28:10 +0100
Subject: [PATCH 1/3] Fixed TLS support for Trino connector by adding the TLS
 verify option

---
 desktop/libs/notebook/src/notebook/connectors/trino.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/desktop/libs/notebook/src/notebook/connectors/trino.py b/desktop/libs/notebook/src/notebook/connectors/trino.py
index 1c70f91d9eb..325db185a01 100644
--- a/desktop/libs/notebook/src/notebook/connectors/trino.py
+++ b/desktop/libs/notebook/src/notebook/connectors/trino.py
@@ -71,6 +71,13 @@ def __init__(self, user, interpreter=None):
       self.auth_password = auth_password
       self.auth = BasicAuthentication(self.auth_username, self.auth_password)
 
+    if self.http_scheme == "https":
+      verify = self.options.get('verify')
+      if verify is not None:
+        self.verify = verify
+      else:
+        self.verify = False
+
     self.session_info = self.create_session()
     self.trino_session = ClientSession(self.user.username, properties=self.session_info['properties'])
     self.trino_request = TrinoRequest(
@@ -78,7 +85,8 @@ def __init__(self, user, interpreter=None):
       port=self.server_port,
       client_session=self.trino_session,
       http_scheme=self.http_scheme,
-      auth=self.auth
+      auth=self.auth,
+      verify=self.verify
     )
 
   def get_auth_password(self):

From ddbeb9ada6f2faf2e728062ea600cf2ef992247c Mon Sep 17 00:00:00 2001
From: Jim Halfpenny <jim@source321.com>
Date: Mon, 8 Sep 2025 07:56:47 +0100
Subject: [PATCH 2/3] Allow passing the parameter 'verify' to Trino connection
 to manage TLS host verification.

---
 .../libs/notebook/src/notebook/connectors/trino.py   | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/desktop/libs/notebook/src/notebook/connectors/trino.py b/desktop/libs/notebook/src/notebook/connectors/trino.py
index 1c70f91d9eb..55fc85d7e52 100644
--- a/desktop/libs/notebook/src/notebook/connectors/trino.py
+++ b/desktop/libs/notebook/src/notebook/connectors/trino.py
@@ -71,6 +71,15 @@ def __init__(self, user, interpreter=None):
       self.auth_password = auth_password
       self.auth = BasicAuthentication(self.auth_username, self.auth_password)
 
+    if self.http_scheme == "https":
+      verify = self.options.get('verify')
+      if verify is not None:
+        self.verify = verify
+      else:
+        # Setting a non-existant trust store if the verify parameter is not set.
+        # This was admins must explictly set verify=False to disable TLS host verification.
+        self.verify = '/days/of/no/trust'
+
     self.session_info = self.create_session()
     self.trino_session = ClientSession(self.user.username, properties=self.session_info['properties'])
     self.trino_request = TrinoRequest(
@@ -78,7 +87,8 @@ def __init__(self, user, interpreter=None):
       port=self.server_port,
       client_session=self.trino_session,
       http_scheme=self.http_scheme,
-      auth=self.auth
+      auth=self.auth,
+      verify=self.verify
     )
 
   def get_auth_password(self):

From 08321c0598a2837b186c38b25ae7195089e5b083 Mon Sep 17 00:00:00 2001
From: Jim Halfpenny <jim@source321.com>
Date: Mon, 8 Sep 2025 11:00:00 +0100
Subject: [PATCH 3/3] Fixed typo in comment

---
 desktop/libs/notebook/src/notebook/connectors/trino.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/desktop/libs/notebook/src/notebook/connectors/trino.py b/desktop/libs/notebook/src/notebook/connectors/trino.py
index 55fc85d7e52..d3b1351daee 100644
--- a/desktop/libs/notebook/src/notebook/connectors/trino.py
+++ b/desktop/libs/notebook/src/notebook/connectors/trino.py
@@ -77,7 +77,7 @@ def __init__(self, user, interpreter=None):
         self.verify = verify
       else:
         # Setting a non-existant trust store if the verify parameter is not set.
-        # This was admins must explictly set verify=False to disable TLS host verification.
+        # This means that admins must explictly set verify=False to disable TLS host verification.
         self.verify = '/days/of/no/trust'
 
     self.session_info = self.create_session()