https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=230414
--- Comment #2 from Sergey Akhmatov <[email protected]> --- (In reply to Kubilay Kocak from comment #1) I see your point. But the approach to use certifi as a wrapper to "system" trust store is not uncommon. E.g. OpenBSD and Debian is using it by default: http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/devel/py-certifi/patches/patch-certifi_core_py?rev=1.4&content-type=text/x-cvsweb-markup https://sources.debian.org/src/python-certifi/2018.4.16-1/debian/patches/0001-Use-Debian-provided-etc-ssl-certs-ca-certificates.cr.patch/ Is FreeBSD strictly against such approach? The main point is not to use "system" truststore, but to be able to add local trusted certificates to certifi, and certifi doesn't seem to implement it: https://github.com/certifi/python-certifi/issues/22 We could reach this goal if adding local CAs to store would be implemented in ca_root_nss and certifi just using it. Maybe we should start some discussion on maillists to hear more opinions? -- You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug. _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-python To unsubscribe, send any mail to "[email protected]"
