[Python-modules-team] Bug#781610: python-requests: ships CA certificate bundle

Daniele Tricoli eriol at mornie.org
Tue Mar 31 18:29:04 UTC 2015

tags 781610 +moreinfo

Hi Thorsten,
thanks for the report.

On Tuesday 31 March 2015 17:24:06 Thorsten Glaser wrote:
> python-requests_2.4.3-6_all.deb/deb://CONTENTS/usr/lib/python2.7/dist-packag
> es/requests/certs.py should be a symbolic link to
> /etc/ssl/certs/ca-certificates.crt

requests.certs is not a CA bundle, it's a module that permits downstream 
developers to specify where the CA bundle is:

❯ cat /usr/lib/python2.7/dist-packages/requests/certs.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-


This module returns the preferred default CA certificate bundle.

If you are packaging Requests, e.g., for a Linux distribution or a managed
environment, you can change the definition of where() to return a separately
packaged CA bundle.
import os.path

    from certifi import where
except ImportError:
    def where():
        """Return the preferred certificate bundle."""
        # On Debian systems use ca-certificates
        return '/etc/ssl/certs/ca-certificates.crt'

if __name__ == '__main__':

So, it's just a function that returns a path. On Debian it's patched to 
return: /etc/ssl/certs/ca-certificates.crt.

upstream requests use certifi[¹] but is not used on Debian because we have 
already ca-certificates.

You can also see my reply on #779528 (it's a request to package certifi):

Am I missing something else? 

Kind regards,

[¹] https://pypi.python.org/pypi/certifi

 Daniele Tricoli 'Eriol'

More information about the Python-modules-team mailing list