On 17Apr2018 0246, Oleg Sivokon wrote:
It is common practice in corporate networks that connect MS Windows machines to redirect
all (encrypted included) traffic through company's router. For this purpose routers are
usually configured to act as a CA. However, the certificate issued by such
"CA" will of course not be found in the certificates distributed with LibreSSL
(how would they even know?). MS Windows networking, however, has a way to configure
these policies.
Prior to this issue, Python relied on the OS libraries to implement TLS
protocol, so the overall setup worked transparently for users. Since 3.6.5,
however, this is no longer possible (requires alteration of certificates
distributed with Python).
If you are referring to Python on Windows, this was never true. We've
always relied on OpenSSL and at best will read locally installed
certificates (and by default, most certificates are not locally
installed). This should not have changed recently, and certainly not
with the bug you reference.
I'm asking that this be made configurable / possible to disable using simple
means, perhaps an environment variable / registry key or similar.
I'm not clear on what you're asking for. The only thing we can disable
is reading OS certificates into OpenSSL, and that would be the opposite
of what you are having trouble with.
Perhaps this is an issue with pip more specifically than Python?
PS. I still cannot register to the bug tracker (never received a confirmation
email), this is why you are reading this email.
I would guess it ended up in a junk mail folder, though that may be
controlled by your organization rather than anywhere you can get to it.
Perhaps using an alternate email address will be easiest?
Cheers,
Steve
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
