Date: Mon, 06 Aug 2018 17:55:32 +0000 From: bugzilla-noreply@freebsd.org To: python@FreeBSD.org Subject: [Bug 230414] security/py-certifi: add option to use certificate bundle from ca_root_nss Message-ID: <bug-230414-21822@https.bugs.freebsd.org/bugzilla/>
index | next in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=230414 Bug ID: 230414 Summary: security/py-certifi: add option to use certificate bundle from ca_root_nss Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Keywords: patch Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: python@FreeBSD.org Reporter: sergey@akhmatov.ru Flags: maintainer-feedback?(python@FreeBSD.org) Assignee: python@FreeBSD.org Created attachment 195946 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=195946&action=edit py-certifi use CAs from ca_root_nss The proposed patch adds option to use certificate bundle from security/ca_root_nss instead of one shipped with certifi. The idea behind this patch is to add ability to trust to some extra local CAs. Such functionality is going to be added to ca_root_nss soon (I hope): https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=160387 I think it would be convenient to use trusted certificates from single source. --- QA: poudriere testport with option ON and OFF builds fine The behavior doesn't change with option OFF. With option ON the behavior is as expected: >>> import certifi >>> certifi.where() '/usr/local/etc/ssl/cert.pem' -- You are receiving this mail because: You are the assignee for the bug.help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-230414-21822>