Author ronaldoussoren
Recipients benjamin.peterson, brian.curtin, christian.heimes, dilettant, eric.araujo, esc24, georg.brandl, larry, loewis, mlen, ned.deily, orsenthil, pitrou, ronaldoussoren
Date 2013-07-08.06:15:25
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1373264125.74.0.00869298608224.issue17128@psf.upfronthosting.co.za>
In-reply-to
Content
The file not even empty, it doesn't even exist in default installations.

As Ned mentioned the CA roots on OSX are stored in a system database (the keychain). The situation is more or less the same as on Windows: their either needs to be code that queries the system keychain to get the CA roots, or we need to use some other CA list (like the mozilla one). 

I'd prefer the former because that's easier for the end user (add the company-wide CA cert to the system database to configure it system wide instead of hunting down where every app stores it CA list).

One glitch: a lot of Apple API's above the Unix layer are unsafe when used in a process started with os.fork (without calling execv), I don't know yet if the keychain APIs are also affected by this.
History
Date User Action Args
2013-07-08 06:15:25ronaldoussorensetrecipients: + ronaldoussoren, loewis, georg.brandl, orsenthil, pitrou, larry, christian.heimes, benjamin.peterson, ned.deily, eric.araujo, brian.curtin, esc24, dilettant, mlen
2013-07-08 06:15:25ronaldoussorensetmessageid: <1373264125.74.0.00869298608224.issue17128@psf.upfronthosting.co.za>
2013-07-08 06:15:25ronaldoussorenlinkissue17128 messages
2013-07-08 06:15:25ronaldoussorencreate