New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Include CA bundle and provide access to system's CA #61331
Comments
For effective SSL server cert validation a bundle of trustworthy CA certs is required. Most system ship such a bundle but it's not always possible to access the bundle from Python / OpenSSL. Windows and Mac OS X come into my mind. wget and curl ship a copy of Mozilla's CA cert bundle. The site http://curl.haxx.se/docs/caextract.html explains how to extract the CA certs in PEM format. I suggest that we ship the CA bundle with Python and use a lookup chain:
|
Shouldn't it be a duplicate of bpo-13655? |
FYI, at the moment, the PSF OS X installers dynamically link with the operating system supplied libssl and use its CA management policies. bpo-17128 proposes changing that because Apple has deprecated the use of the system openssl in OS X. |
Agree this is a duplicate. I also think it’s a feature request. |
Yes, it's a duplicate of bpo-13665. Sorry, I didn't make a proper search. Although this is a new feature it's a fundament for cert validation. |
I found a recipe to retrieve CA certs from Window's cert store, see bpo-17134. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: