Date:      Sat, 23 May 2020 15:55:53 +0000
From:      bugzilla-noreply@freebsd.org
To:        python@FreeBSD.org
Subject:   [Bug 230414] security/py-certifi: add option to use certificate bundle from ca_root_nss
Message-ID:  <bug-230414-21822-oUodsC25Zy@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-230414-21822@https.bugs.freebsd.org/bugzilla/>
References:  <bug-230414-21822@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=230414

--- Comment #7 from Michael Osipov <michael.osipov@siemens.com> ---
(In reply to Kubilay Kocak from comment #6)

While I share your view on having this solved upstream, even if this is
supported one has to maintain yet another cert store. I maintain for OpenSSL,
annoyingly for Java (already initiated a change to RFC 7468, see
https://bugs.openjdk.java.net/browse/JDK-8224891) and now for Python,
even though it uses OpenSSL? This is actually a maintenance nightmare.
Especially because for our enterprise I need to consolidate three sources: NSS,
Quo Vadis and Siemens. Consider that FreeBSD, RHEL, Windows, macOS already
provide means to maintain a store. That shall be enough. (see also my issues
with certctl(8))

I am also fully aware of the issue on GitHub. I have already left a few
comments. Christian Heimes has also mentioned you about previous work. I'd be
very helpful if you could leave a comment from your POV regarding Python on
FreeBSD which can help to move this forward. Moreover, 3.0.0 may take some
serious time to land. I do not really want to reinvent the wheel meantime. One
would need to introduce py-certifi-unix just like py-certifi-win32 which probes
for the Unix version and patches appropriate bits.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


