|
|
|
|
|
|
by thewisenerd
50 days ago
|
|
|
thankfully more and more projects are supporting the "standard" SSL_CERT_DIR/SSL_CERT_FILE environment variables [1] i think requests is a tricky one, as it _should_ be supporting it already based on the PR [2], but looks like it was merged in the 3.x branch and idk where that is, release-wise. there is also native TLS on linux (idk what exactly you call it); but cp cert.pem /usr/local/share/ca-certificates/cert.pem && update-ca-certificates
all languages also seem to have packages around providing cert bundles which get used directly (e.g., certifi [3]), which does cause some pain[1] https://github.com/rustls/rustls-native-certs/issues/16#issu... [2] https://github.com/psf/requests/issues/2899 [3] https://pypi.org/project/certifi/ |
|
|
is when python 3.13 [1] introduced some stricter validations and the CASB issued certs were not compliant (missing AKI); which broke REQUESTS_CA_BUNDLE/SSL_CERT_FILE for us
[1] https://discuss.python.org/t/python-3-13-x-ssl-security-chan...