Load system default CAs when explicit CA not provided #1883

Merged
merged 1 commit into from
Aug 16, 2019
@iAnomaly iAnomaly commented Aug 16, 2019

Resolves #1795.



@jeffwidman jeffwidman merged commit ace6af5 into dpkp:master Aug 16, 2019
@jeffwidman
Contributor

Thanks!

I noticed that #1795 limited loading the default to only when ssl_check_hostname was True.

It makes sense to me to fall back to defaults, but I have not worked a lot with SSL, so did you already consider this? Just want to make sure it was an intentional choice and not an oversight.

@iAnomaly iAnomaly deleted the patch-1 branch August 16, 2019 23:01
@iAnomaly
Contributor Author

iAnomaly commented Aug 16, 2019

@jeffwidman Thanks for confirming, but yes; it was an intentional choice:

Even if the user decides to ignore the hostname check against the certificate, the handshake will still fail without a valid chain of trust if the root certificate authority is unknown (i.e. without loading the system default CAs that contain the chains of trust).
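
The point made in the reply above, as an added example (not kafka-python's code and not part of the original thread): in Python's `ssl` module, hostname checking and chain validation are separate switches, so a client context with hostname checking off still requires a CA it trusts. `build_context`, `trust_report` and their parameters are hypothetical names chosen for this illustration.

```python
import ssl


def build_context(cafile=None, check_hostname=True, fallback_to_system=True):
    """Build a client TLS context (hypothetical helper, not the project's API).

    cafile: explicit CA bundle path, or None.
    fallback_to_system: load the OS default CAs when no cafile is given.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Hostname matching is a separate switch from chain validation.
    ctx.check_hostname = check_hostname
    # Chain validation stays mandatory either way.
    ctx.verify_mode = ssl.CERT_REQUIRED
    if cafile:
        ctx.load_verify_locations(cafile=cafile)
    elif fallback_to_system:
        ctx.load_default_certs()
    return ctx


def trust_report(ctx):
    """Summarise what the context will enforce during a handshake."""
    return {
        "chain_required": ctx.verify_mode == ssl.CERT_REQUIRED,
        "hostname_checked": ctx.check_hostname,
        # CAs already in memory. CAs in a capath directory are loaded
        # lazily, so 0 is conclusive only when no defaults were loaded.
        "loaded_cas": ctx.cert_store_stats()["x509_ca"],
    }


if __name__ == "__main__":
    # Hostname check off, no CA file, no fallback: the trust store is empty,
    # so no server chain can validate and the handshake is rejected.
    no_fallback = build_context(check_hostname=False, fallback_to_system=False)
    print("no fallback:  ", trust_report(no_fallback))
    # Same settings with the fallback: system CAs are available for the chain.
    print("with fallback:", trust_report(build_context(check_hostname=False)))
    print("system paths: ", ssl.get_default_verify_paths())
```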

@iAnomaly
Contributor Author

@jeffwidman I need this fix released to resolve a downstream consumer. Is it possible for you or another maintainer to cut a patch release?

@iAnomaly
Contributor Author

iAnomaly commented Sep 9, 2019

@dpkp Can you help here? Is it possible to cut a patch release with this fix? Thanks.

@iAnomaly iAnomaly mentioned this pull request Sep 24, 2019
@dpkp
Owner

dpkp commented Sep 30, 2019

Included in 1.4.7, which is now released + live on pypi

Successfully merging this pull request may close these issues.

Load default certs for SSL