Le vendredi 02 décembre 2016 à 13:23 -0800, Volker Braun a écrit : > On Friday, December 2, 2016 at 9:39:13 AM UTC+1, Dima Pasechnik > wrote: > > Do you understand the story about root certs here? Is it a missing > > python code (in some package, existing or not?) that would be able > > to access OSX certs store? > > Apple has the root certs in their own keychain, which OpenSSL can't > read (i.e. Apple did not upstream their patches to OpenSSL). You can > manually extract the root certs or download an independent copy of > them. Either way, a self-compiled OpenSSL will not benefit from OS > updates to the root cert store.
This is an extremely serious problem, which I didn't grasp initially. (To me, it's probably a conta-indication of Macs to anything a bit serious : somehow, I have less trust in Apple's administration of the root certs than, say, Debian's. Prejudiced ? Certainly : I've been burned before...). Do you know if openSSL could be retro-patched to be able to use the systemwide installation of Apple's root certs (which, by hypothesis, would be updated as needed) as a default ? I think that this question has both technical and (pseudo-)legal aspects. --Emmanuel Charpentier -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+unsubscr...@googlegroups.com. To post to this group, send email to sage-devel@googlegroups.com. Visit this group at https://groups.google.com/group/sage-devel. For more options, visit https://groups.google.com/d/optout.
