Author eric.araujo
Recipients benjamin.peterson, eric.araujo, jcea, loewis, naif, pitrou
Date 2013-02-05.16:44:05
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
Copy of a message by Christian Heimes on a duplicate report:
For effective SSL server cert validation a bundle of trustworthy CA certs is required. Most system ship such a bundle but it's not always possible to access the bundle from Python / OpenSSL. Windows and Mac OS X come into my mind. wget and curl ship a copy of Mozilla's CA cert bundle.

The site explains how to extract the CA certs in PEM format. I suggest that we ship the CA bundle with Python and use a lookup chain:

- user defined path to a cacert directory or cacert.pem file

- cacert directory or PEM file in the user's home directory: 
  cacertdir = os.path.join(site.USER_SITE, os.pardir, "cacert")
  cacertfile = os.path.join(site.USER_SITE, os.pardir, "cacert.pem")

- system's ca cert directory (/etc/ssl/certs on Linux)

- CA cert bundle shipped with the Python installation.
Date User Action Args
2013-02-05 16:44:06eric.araujosetrecipients: + eric.araujo, loewis, jcea, pitrou, benjamin.peterson, naif
2013-02-05 16:44:06eric.araujosetmessageid: <>
2013-02-05 16:44:06eric.araujolinkissue13655 messages
2013-02-05 16:44:05eric.araujocreate