Antoine Pitrou added the comment: > I think we can improve the situation with shipping our own CA certs. > Almost every operating system or distribution comes with a set of CA > certs.
Why would we ship our own CA certs if every OS comes with CA certs? > I lots of Linux distributions and most BSD systems. All except > FreeBSD install CA certs by default. A fresh FreeBSD systems doesn't > have certs but ``pkg_add -r ca-root-nss`` fixes that. Kudos to FreeBSD. Anyway, isn't SSLContext.set_default_verify_paths() enough already? > Here is a full list: [snip full list] I don't think it's a good idea to maintain a list of hard-coded paths in Python: it's not manageable, and it will always become outdated. If there was a widely-respected standard (e.g. in FHS or LSB), things would be a lot better. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue13655> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com