You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.
Although certifi labels itself as a trust root source, due to its commonness, it is a good vector for injecting OS-provided trust root for a huge number of Python packages at the same time. At SUSE, we patch the certifi.where() method to return the system trust root bundle and remove the installed trust root. That obviously cannot work when a package accesses the pem file directly.
It is also fragile: certifi could rename their pem bundle at any time, because it's not part of their API.
The line should be replaced with:
import certifi
return certifi.where()
I'll try to send a PR when I get to it.
The text was updated successfully, but these errors were encountered:
https://github.com/pypa/setuptools/blob/master/setuptools/ssl_support.py#L245
This line fetches the install directory of
certifiand extracts filecacert.pemfrom it.Although
certifilabels itself as a trust root source, due to its commonness, it is a good vector for injecting OS-provided trust root for a huge number of Python packages at the same time. At SUSE, we patch thecertifi.where()method to return the system trust root bundle and remove the installed trust root. That obviously cannot work when a package accesses the pem file directly.It is also fragile:
certificould rename their pem bundle at any time, because it's not part of their API.The line should be replaced with:
I'll try to send a PR when I get to it.
The text was updated successfully, but these errors were encountered: