[Bug 230414] security/py-certifi: add option to use certificate bundle from ca_root_nss

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=230414

            Bug ID: 230414
           Summary: security/py-certifi: add option to use certificate
                    bundle from ca_root_nss
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: python at FreeBSD.org
          Reporter: sergey at akhmatov.ru
             Flags: maintainer-feedback?(python at FreeBSD.org)
          Assignee: python at FreeBSD.org

Created attachment 195946
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=195946&action=edit
py-certifi use CAs from ca_root_nss

The proposed patch adds option to use certificate bundle from
security/ca_root_nss instead of one shipped with certifi.

The idea behind this patch is to add ability to trust to some extra local CAs.
Such functionality is going to be added to ca_root_nss soon (I hope):
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=160387

I think it would be convenient to use trusted certificates from single source.

---
QA: poudriere testport with option ON and OFF builds fine

The behavior doesn't change with option OFF.
With option ON the behavior is as expected:

>>> import certifi
>>> certifi.where()
'/usr/local/etc/ssl/cert.pem'

-- 
You are receiving this mail because:
You are the assignee for the bug.