
CfnResource() should use default value ssl_verify=None #48

@wonghiukong


Hi,

I noticed that in version 2.0.8, CfnResource() uses ssl_verify=True as the default value and feeds it into boto3.client(verify=ssl_verify):
https://github.com/aws-cloudformation/custom-resource-helper/blob/main/crhelper/resource_helper.py#L30

However, the default value in the boto3 client is actually verify=None, and there's actually a difference in how boto3 interprets these values. Based on my experiment, the boto3.client verify param values are:

  1. verify=None: (Default) will do ssl verify, using default CA bundle, or the one from AWS_CA_BUNDLE environment variable if specified.
  2. verify=True : will do ssl verify, using default CA bundle, ignoring AWS_CA_BUNDLE env var.
  3. verify=False: will not do ssl verify.
  4. verify=/path/to/ca_bundle: will do ssl verify, using the path in this param, ignoring AWS_CA_BUNDLE env var.

With the current implementation in crhelper, if I want to use the CA bundle from the AWS_CA_BUNDLE env var, I have to explicitly call `CfnResource(ssl_verify=None)`, which is awkward. That's why I suggest that crhelper change the default value of ssl_verify to None to match the boto3 default value. Thanks!
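The following is an added example, not part of the original post and not crhelper or boto3 code: a small pre-flight check that models the four cases reported above and flags the two outcomes worth catching in review, verification turned off and an AWS_CA_BUNDLE that is set but silently ignored. The function names and the sample bundle path are hypothetical.

```python
import os

DEFAULT = "default CA bundle"
# Constructed sample environment for the demo; the path is a placeholder.
SAMPLE_ENV = {"AWS_CA_BUNDLE": "/etc/pki/corp-ca.pem"}


def effective_trust(verify, env=None):
    """Return (tls_verified, ca_source) for a given verify value.

    Models the behaviour the issue reports from experiment; it does not
    call boto3 and is an assumption about it, not its implementation.
    """
    env = os.environ if env is None else env
    if verify is False:                      # case 3: no verification
        return (False, "none")
    if verify is None:                       # case 1: env var honoured
        return (True, env.get("AWS_CA_BUNDLE") or DEFAULT)
    if verify is True:                       # case 2: env var ignored
        return (True, DEFAULT)
    if isinstance(verify, str) and verify:   # case 4: explicit path wins
        return (True, verify)
    raise TypeError(f"unsupported verify value: {verify!r}")


def audit_ssl_verify(verify, env=None):
    """List findings for a verify value under the given environment."""
    env = os.environ if env is None else env
    verified, source = effective_trust(verify, env)
    bundle = env.get("AWS_CA_BUNDLE")
    findings = []
    if not verified:
        findings.append("TLS certificate verification is disabled")
    elif bundle and source != bundle:
        findings.append(
            f"AWS_CA_BUNDLE={bundle} is set but ignored; CA source is {source}"
        )
    return findings


if __name__ == "__main__":
    for value in (None, True, False, "/opt/ca.pem"):
        print(repr(value), effective_trust(value, SAMPLE_ENV),
              audit_ssl_verify(value, SAMPLE_ENV))
```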
