document set_default_verify_paths caveats (#667)

* document set_default_verify_paths caveats fixes #642 * add a bit more detail * weasel words
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2017-07-19 21:34:01 +0200
committer: Alex Gaynor <alex.gaynor@gmail.com> 2017-07-19 15:34:01 -0400
commit: ad44ccd817dbd6aa0949c19381ac56841919afc7 (patch)
tree: f334e8e32730f3defe012606f0ee64d9ecef1d21 /doc
parent: dc996b108faaa0a91eceaffce2972f21c61ccc9c (diff)
download: pyopenssl-ad44ccd817dbd6aa0949c19381ac56841919afc7.tar.gz
1 files changed, 9 insertions, 2 deletions
diff --git a/doc/api/ssl.rst b/doc/api/ssl.rst
index 00cae9b..53bcf40 100644
--- a/doc/api/ssl.rst
+++ b/doc/api/ssl.rst
@@ -307,8 +307,15 @@ Context objects have the following methods:
 .. py:method:: Context.set_default_verify_paths()
 
     Specify that the platform provided CA certificates are to be used for
-    verification purposes.  This method may not work properly on OS X.
-
+    verification purposes. This method has some caveats related to the
+    binary wheels that cryptography (pyOpenSSL's primary dependency) ships:
+
+    * macOS will only load certificates using this method if the user has
+      the ``openssl@1.1`` Homebrew formula installed in the default location.
+    * Windows will not work.
+    * manylinux1 cryptography wheels will work on most common Linux distributions
+      in pyOpenSSL 17.1.0 and above.  pyOpenSSL detects the manylinux1 wheel and
+      attempts to load roots via a fallback path.
 
 .. py:method:: Context.load_tmp_dh(dhfile)
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2017-07-19 21:34:01 +0200
committer	Alex Gaynor <alex.gaynor@gmail.com>	2017-07-19 15:34:01 -0400
commit	ad44ccd817dbd6aa0949c19381ac56841919afc7 (patch)
tree	f334e8e32730f3defe012606f0ee64d9ecef1d21 /doc
parent	dc996b108faaa0a91eceaffce2972f21c61ccc9c (diff)
download	pyopenssl-ad44ccd817dbd6aa0949c19381ac56841919afc7.tar.gz