Message192634
How about we include certsync [1] as an external program then? It's not as elegant as an internal API but it's not going to cause trouble with forking servers.
The first time a root CA cert is require, some new code in Python's SSL module runs certsync and grabs the list of PEM encoded certs from its stdout. The output is cached in a module variable and loaded with the new features from #16487 and #18138.
How does that sound to you?
[1] https://svn.macports.org/repository/macports/trunk/dports/security/certsync/files/certsync.m |
|
Date |
User |
Action |
Args |
2013-07-08 11:48:49 | christian.heimes | set | recipients:
+ christian.heimes, loewis, georg.brandl, ronaldoussoren, orsenthil, pitrou, larry, benjamin.peterson, ned.deily, eric.araujo, brian.curtin, esc24, dilettant, mlen |
2013-07-08 11:48:49 | christian.heimes | set | messageid: <1373284129.58.0.205811312398.issue17128@psf.upfronthosting.co.za> |
2013-07-08 11:48:49 | christian.heimes | link | issue17128 messages |
2013-07-08 11:48:49 | christian.heimes | create | |
|