[Bug 230414] security/py-certifi: add option to use certificate bundle from ca_root_nss

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Tue Aug 7 10:35:55 UTC 2018


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=230414

--- Comment #2 from Sergey Akhmatov <sergey at akhmatov.ru> ---
(In reply to Kubilay Kocak from comment #1)

I see your point. But the approach of using certifi as a wrapper for the "system"
trust store is not uncommon. E.g. OpenBSD and Debian are using it by default:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/devel/py-certifi/patches/patch-certifi_core_py?rev=1.4&content-type=text/x-cvsweb-markup
https://sources.debian.org/src/python-certifi/2018.4.16-1/debian/patches/0001-Use-Debian-provided-etc-ssl-certs-ca-certificates.cr.patch/
Is FreeBSD strictly against such an approach?


The main point is not to use the "system" trust store, but to be able to add local
trusted certificates to certifi, and certifi doesn't seem to implement it:
https://github.com/certifi/python-certifi/issues/22
We could reach this goal if adding local CAs to the store were implemented in
ca_root_nss and certifi just used it.

Maybe we should start some discussion on the mailing lists to hear more opinions?
