Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow the CA certificate data to be passed as a string. #1804

Merged
merged 3 commits into from Feb 22, 2020
Merged

Allow the CA certificate data to be passed as a string. #1804

merged 3 commits into from Feb 22, 2020

Conversation

jeamland
Copy link
Contributor

There are some circumstances where we may want to pass the PEM-encoded certificates directly to the SSLContext rather than passing a file or directory. This just plums SSLContext.load_verify_locations()'s cadata parameter through to places where it can be reached.

@sigmavirus24
Copy link
Contributor

Doesn't urllib3 allow users to pass their own SSLContext?

@jeamland
Copy link
Contributor Author

It does but that's not what requests appears to do. Do you feel that it should?

@sigmavirus24
Copy link
Contributor

I think you can define your own Adapter class in Requests that will allow you to pass down to urllib3 a custom SSLContext. That would give you the functionality you want as far as I understand, especially since it sounds like you control the code calling Requests.

@jeamland
Copy link
Contributor Author

Actually at the moment you can't even import requests as it calls certifi.where() unconditionally. This is part of an effort to remove that in a way that makes requests "just work".

@sigmavirus24
Copy link
Contributor

Actually at the moment you can't even import requests as it calls certifi.where() unconditionally. This is part of an effort to remove that in a way that makes requests "just work".

I understand that PyOxidizer doesn't have a file-system like thing but does that mean __file__ or os.path.join are broken? That was not made remotely clear on certifi

@jeamland
Copy link
Contributor Author

PyOxidizer does not set __file__ at all. os.path.join would work for accessing "normal" files but using it to access resources by pivoting off the filesystem path of a module will never work.

@sigmavirus24
Copy link
Contributor

This should make it easier to use cadata from requests though. I'll let one of the real maintainers here approve/provide feedback but otherwise this looks good to me

sethmlarson
sethmlarson approved these changes Feb 22, 2020
View reviewed changes
Copy link
Member

@sethmlarson sethmlarson left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me, thank you for a very high-quality PR. Also thanks to @sigmavirus24 for handling 95% of this PR. :)

Also TIL about PyOxidizer not having access to packages at a filesystem level. That's becoming a requirement for more Python-related tasks it seems eg PyOxidizer, Py2EXE, etc. Maybe needs to be an effort to try loading certifi via certifi.contents() in Requests if certifi.where() fails?

@sethmlarson sethmlarson merged commit c422c02 into urllib3:master Feb 22, 2020
@MarSoft MarSoft mentioned this pull request Jun 1, 2020
Closed
Dobatymo pushed a commit to Dobatymo/urllib3 that referenced this pull request Mar 16, 2022
@jeamland
Allow the CA certificate data to be passed as a string (urllib3#1804)
00c42f1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sethmlarson sethmlarson sethmlarson approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@jeamland @sigmavirus24 @sethmlarson