[Bug 230414] security/py-certifi: add option to use certificate bundle from ca_root_nss
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat May 23 15:55:54 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=230414
--- Comment #7 from Michael Osipov <michael.osipov at siemens.com> ---
(In reply to Kubilay Kocak from comment #6)
While I share your view on having this solved upstream, even if this is
supported one has to maintain yet another cert store. I maintain for OpenSSL,
annoyingy for Java (already initiated a change to RFC 7468, see
https://bugs.openjdk.java.net/browse/JDK-8224891) and now for Python,
eventhough it uses OpenSSL? This is actually a maintanence nightmare.
Especially because for our entprise I need to consolidate three sources: NSS,
Quo Vadis and Siemens. Consider that FreeBSD, RHEL, Windows, macOS already
provide means to maintain a store. That shall be enough. (see also my issues
with certctl(8))
I am also fully aware of the issue on GitHub. I have already left a few
comments. Christian Heimes has also mentioned you about previous work. I'd be
very helpful if you could leave a comment from your POV regarding Python on
FreeBSD which can help to move this forward. Moreover, 3.0.0 may take some
serious time to land. I do not really want to reinvent the wheel meantime. One
would need to introduce py-certifi-unix just like py-certifi-win32 which probes
for the Unix version and patches appropriate bits.
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the freebsd-python
mailing list