[Python-modules-team] Bug#781610: python-requests: ships CA certificate bundle
Daniele Tricoli
eriol at mornie.org
Tue Mar 31 18:29:04 UTC 2015
tags 781610 +moreinfo
thanks
Hi Thorsten,
thanks for the report.
On Tuesday 31 March 2015 17:24:06 Thorsten Glaser wrote:
> python-requests_2.4.3-6_all.deb/deb://CONTENTS/usr/lib/python2.7/dist-packag
> es/requests/certs.py should be a symbolic link to
> /etc/ssl/certs/ca-certificates.crt
requests.certs is not a CA bundle, it's a module that permits downstream
developers to specify where the CA bundle is:
❯ cat /usr/lib/python2.7/dist-packages/requests/certs.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
certs.py
~~~~~~~~
This module returns the preferred default CA certificate bundle.
If you are packaging Requests, e.g., for a Linux distribution or a managed
environment, you can change the definition of where() to return a separately
packaged CA bundle.
"""
import os.path
try:
from certifi import where
except ImportError:
def where():
"""Return the preferred certificate bundle."""
# On Debian systems use ca-certificates
return '/etc/ssl/certs/ca-certificates.crt'
if __name__ == '__main__':
print(where())
So, it's just a function that returns a path. On Debian it's patched to
return: /etc/ssl/certs/ca-certificates.crt.
upstream requests use certifi[¹] but is not used on Debian because we have
already ca-certificates.
You can also see my reply on #779528 (it's a request to package certifi):
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779528#10
Am I missing something else?
Kind regards,
[¹] https://pypi.python.org/pypi/certifi
--
Daniele Tricoli 'Eriol'
http://mornie.org
More information about the Python-modules-team
mailing list