[greglindahl]

I want to mess with certs in Python so that my web crawler can actually access the whole web. If you don't talk to a wide variety of hosts, you probably haven't noticed that it's broken for 1%.

[dragonwriter]

If you work in a corporate environment, you would probably notice that systems that insist on bundling their own certs without an easy to activate option of using system cert store are broken. (And even if the library has an easy to use option, if it's easy to not expose it, much software built on the library will still be broken.)

People should be empowered to substitute cert stores, but the system store should be the default.

[fulafel]

A lot of corporate environments are fortunately legally bound and/or princilped about not doing mitm and are using the happy path of internet CAs.

[neuland]

You don't need to be doing MITM to get value out of using an internal CA.

[fulafel]

It's a pain, sometimes it's worth it, oftentimes not.

[greglindahl]

Why yes, my web crawler operates in a corporate environment. It's almost as if different companies have different needs.