Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 06 Aug 2018 17:55:32 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 230414] security/py-certifi: add option to use certificate bundle from ca_root_nss
Message-ID:  <bug-230414-7788@https.bugs.freebsd.org/bugzilla/>

next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D230414

            Bug ID: 230414
           Summary: security/py-certifi: add option to use certificate
                    bundle from ca_root_nss
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: python@FreeBSD.org
          Reporter: sergey@akhmatov.ru
             Flags: maintainer-feedback?(python@FreeBSD.org)
          Assignee: python@FreeBSD.org

Created attachment 195946
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D195946&action=
=3Dedit
py-certifi use CAs from ca_root_nss

The proposed patch adds option to use certificate bundle from
security/ca_root_nss instead of one shipped with certifi.

The idea behind this patch is to add ability to trust to some extra local C=
As.
Such functionality is going to be added to ca_root_nss soon (I hope):
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D160387

I think it would be convenient to use trusted certificates from single sour=
ce.

---
QA: poudriere testport with option ON and OFF builds fine

The behavior doesn't change with option OFF.
With option ON the behavior is as expected:

>>> import certifi
>>> certifi.where()
'/usr/local/etc/ssl/cert.pem'

--=20
You are receiving this mail because:
You are the assignee for the bug.=



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-230414-7788>