https://bugzilla.novell.com/show_bug.cgi?id=761501
https://bugzilla.novell.com/show_bug.cgi?id=761501#c20
--- Comment #20 from James Oakley
Just patch the code away that does a fallback to some bundle. That's better than patching in yet another path.
Except that won't work on other distros. The current requests patch can be upstreamed.
Doesn't matter whether the system certificate store was loaded successfully as long as certificate checking is guaranteed to be on always. If loading the store fails (which is basically impossible with the CA directory) all certificate validations would fail. I.e. fail-safe behavior.
Feel free to look at the code in the requests module. The actual validation occurs in a totally different place in the code than the determination of the cert store. The code needs some way to figure out if the store is actually correct, and fall back if necessary.
You need to handle that anyways. If self-signed certs "work" without any extra handling by an application/module it's pretty obvious that no certificate checking was done, i.e. the connection is unsafe.
But if you make it always on, then you can't use self-signed certs at all. That will break a LOT of things.