From 55fb34146c496e7c997d7418e16dd67a191fca7f Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Thu, 29 Jun 2017 18:44:08 -0500
Subject: try loading trusted certs from a list of fallbacks (#633)

* try loading trusted certs from a list of fallbacks

pyca/cryptography will shortly begin shipping a wheel. Since SSL_CTX_set_default_verify_paths uses a hardcoded path compiled into the library, this will start failing to load the proper certificates for users on many linux distributions. To avoid this we can use the Go solution of iterating over a list of potential candidates and loading it when found.

* capath is lazy loaded so we need to do a lot more checks

This now checks to see if env vars are set as well as seeing if the dir exists and has valid certs in it. If either of those are true (or the number of certs is > 0) it won't load the fallback. If it does do the fallback it will also attempt to load certs from a dir as a final fallback

* remove an early return
* this shouldn't be commented out
* oops
* very limited testing
* sigh, can't use these py3 exceptions of course
* expand the tests a bit
* coverage!
* don't need this now
* change the approach to use a pyca/cryptography guard value
* test fix
* older python sometimes calls itself linux2
* flake8
* add changelog
* coverage
* slash opt

--- tox.ini | 1 + 1 file changed, 1 insertion(+) (limited to 'tox.ini') diff --git a/tox.ini b/tox.ini index 9248041..76e1c5b 100644 --- a/tox.ini +++ b/tox.ini @@ -8,6 +8,7 @@ passenv = ARCHFLAGS CFLAGS LC_ALL LDFLAGS PATH LD_LIBRARY_PATH TERM deps = coverage>=4.2 pytest>=3.0.1 + pretend cryptographyMaster: git+https://github.com/pyca/cryptography.git cryptographyMinimum: cryptography<=1.9 setenv = -- cgit v1.2.1
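
Review bot: the added `pretend` entry in the `deps` list (hunk `@@ -8,6 +8,7 @@` of tox.ini) has no version constraint, while the entries directly above it, `coverage>=4.2` and `pytest>=3.0.1`, each declare a minimum. An unbounded test dependency is resolved to whatever the index serves when the tox environment is built, so the tests that exercise the new certificate-fallback logic can change behaviour without any change in this repository. Suggest giving `pretend` a lower bound in the same style as its neighbours, set to the oldest release the new tests are known to pass with. Since the view is limited to tox.ini, it is also worth confirming that the test requirements declared elsewhere in the project (if any) list `pretend` too, so that running pytest outside tox does not fail on import.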