Date: Sat, 23 May 2020 15:55:53 +0000 From: bugzilla-noreply@freebsd.org To: python@FreeBSD.org Subject: [Bug 230414] security/py-certifi: add option to use certificate bundle from ca_root_nss Message-ID: <bug-230414-21822-oUodsC25Zy@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-230414-21822@https.bugs.freebsd.org/bugzilla/> References: <bug-230414-21822@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D230414 --- Comment #7 from Michael Osipov <michael.osipov@siemens.com> --- (In reply to Kubilay Kocak from comment #6) While I share your view on having this solved upstream, even if this is supported one has to maintain yet another cert store. I maintain for OpenSS= L, annoyingy for Java (already initiated a change to RFC 7468, see https://bugs.openjdk.java.net/browse/JDK-8224891) and now for Python, eventhough it uses OpenSSL? This is actually a maintanence nightmare. Especially because for our entprise I need to consolidate three sources: NS= S, Quo Vadis and Siemens. Consider that FreeBSD, RHEL, Windows, macOS already provide means to maintain a store. That shall be enough. (see also my issues with certctl(8)) I am also fully aware of the issue on GitHub. I have already left a few comments. Christian Heimes has also mentioned you about previous work. I'd = be very helpful if you could leave a comment from your POV regarding Python on FreeBSD which can help to move this forward. Moreover, 3.0.0 may take some serious time to land. I do not really want to reinvent the wheel meantime. = One would need to introduce py-certifi-unix just like py-certifi-win32 which pr= obes for the Unix version and patches appropriate bits. --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-230414-21822-oUodsC25Zy>