This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author ned.deily
Recipients benjamin.peterson, brian.curtin, christian.heimes, dilettant, dstufft, eric.araujo, esc24, georg.brandl, larry, loewis, mlen, ned.deily, orsenthil, pitrou, ronaldoussoren
Date 2014-01-31.19:28:39
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
Update: the MacPorts certsync daemon has matured and is now included as
an optional MacPorts port.

It's not a perfect solution as noted in the macports-devel thread:

>>The only catch is that custom added certificates or trust anchors need
>>to be in the system keychain to be picked up by certsync by default.
>Yeah, this was an unfortunate trade-off; since certsync is a system-wide 
>daemon, and the resulting CA certs file is also system-wide, it seemed to
>be the most appropriate course of action. Most of the alternatives involve
>patching OpenSSL and some of the software that depends on it, which is a
>road I'm personally wary of committing to.

It works by registering a launchd agent that is run whenever any of the
system keychain files or trust setting files are modified.  That raises the
issues of when and how a Python install should register the agent (will
likely need admin/root privileges to do that) and how to delete the agent
(we currently don't have a formal uninstall procedure on OS X).  It would
be easier to manage these things with the binary installer-based Pythons,
as provided by, in which case Pythons built by users from source
would still use the deprecated Apple-supplied libssl and libcrypto.  But
I'd like to separate out the building of third-party libraries, like
openssl, from the installer build process so that user source builds can
take advantage of features like this.
Date User Action Args
2014-01-31 19:28:40ned.deilysetrecipients: + ned.deily, loewis, georg.brandl, ronaldoussoren, orsenthil, pitrou, larry, christian.heimes, benjamin.peterson, eric.araujo, brian.curtin, esc24, dilettant, dstufft, mlen
2014-01-31 19:28:40ned.deilysetmessageid: <>
2014-01-31 19:28:40ned.deilylinkissue17128 messages
2014-01-31 19:28:39ned.deilycreate