Comment 4 for bug 1678686

Sean McCully (sean-mccully) wrote :

Juan et al,

Right, so "python-requests" bundles the Mozilla CA bundle, but this creates a problem when working with a CA not in Mozilla's default bundle (i.e. a self-created CA).

The current method of passing the CA bundle via config options works well until it's not being used, which is the result of this bug. The proposed solution changes the CA bundle used by default to the system CA bundle, which is where any CA not in Mozilla's default CA bundle would be stored. This alleviates the need for requiring os-cacert to be passed via every request, which is troublesome since this auth library is used so frequently. The problem, as I see it, is that this alleviates the need to constantly fight these types of bugs every time they creep up.

Python's SSL library calls libssl to get the default path (at compile time) for the CA bundle. If this is not available or not accurate, it will search through several well-known locations for a CA bundle cert or file system path. This covers the major distros and use cases where this software is intended to run.

Finally, it will fall back to the Mozilla CA bundle used by requests when being run on client machines (OS X, Windows, etc.) or some unknown OS.
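
The lookup order described in the comment above, sketched as an added example (not part of the comment and not the code of the proposed patch). The function names, the list of well-known bundle paths and the use of `certifi` for the bundled Mozilla store are assumptions.

```python
import os
import ssl

# Assumed list of common distro bundle files (not taken from the patch).
WELL_KNOWN_BUNDLES = (
    "/etc/ssl/certs/ca-certificates.crt",                 # Debian, Ubuntu
    "/etc/pki/tls/certs/ca-bundle.crt",                   # RHEL, Fedora
    "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem",  # CentOS/RHEL 7+
    "/etc/ssl/ca-bundle.pem",                             # openSUSE
)


def bundled_fallback():
    """Mozilla bundle shipped alongside requests (certifi), or None."""
    try:
        import certifi
    except ImportError:
        return None
    return certifi.where()


def resolve_ca_bundle(libssl_cafile, libssl_capath,
                      candidates=WELL_KNOWN_BUNDLES,
                      fallback=bundled_fallback,
                      isfile=os.path.isfile, isdir=os.path.isdir):
    """Return (source, path) of the trust store to verify against."""
    # 1. Compile-time libssl default, only if it exists on disk.
    if libssl_cafile and isfile(libssl_cafile):
        return "libssl-cafile", libssl_cafile
    if libssl_capath and isdir(libssl_capath):
        return "libssl-capath", libssl_capath
    # 2. Well-known distro locations, where a self-created CA that was
    #    installed system-wide ends up.
    for path in candidates:
        if isfile(path):
            return "well-known", path
    # 3. Client machine or unknown OS: bundled Mozilla CAs.
    return "bundled", fallback()


def system_ca_bundle():
    """Resolve against this interpreter's libssl defaults."""
    paths = ssl.get_default_verify_paths()
    return resolve_ca_bundle(paths.openssl_cafile, paths.openssl_capath)


if __name__ == "__main__":
    print(system_ca_bundle())
```

The returned path can be passed as the `verify` argument of a requests call; a directory is only usable there if it has been processed with OpenSSL's `c_rehash`.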