Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE] Do not rely on certifi for root certificates #128

Open
dsturnbull opened this issue Feb 10, 2022 · 2 comments
Open

[FEATURE] Do not rely on certifi for root certificates #128

dsturnbull opened this issue Feb 10, 2022 · 2 comments
Labels
enhancement New feature or request

Comments

@dsturnbull
Copy link

Is your feature request related to a problem?
The certifi library has a software licence that can be problematic. Similar to #111. It could also be preferable to maintain root certs at an operating system level rather than purely at a dependency level.

What solution would you like?
Allow certifi to be an optional dependency. When it's not installed, do what boto3 does.

https://github.com/boto/botocore/blob/740994514c0e1d010f17a060c1eb24c64346bbaf/botocore/httpsession.py#L47

try:
    from certifi import where
except ImportError:
    def where():
        return DEFAULT_CA_BUNDLE

What alternatives have you considered?
We have written a script to remove the certifi library from our virtualenv and replaces it with a dummy package of the same name. This satisfies the packager's dependency requirements and allows us to ship a non-encumbered artifact.
@dsturnbull dsturnbull added enhancement New feature or request needs-triage labels Feb 10, 2022
@axeoman axeoman added untriaged Need triage and removed needs-triage labels Feb 14, 2022
sf-project-io pushed a commit to softwarefactory-project/sf-infra that referenced this issue Jun 7, 2022
@danpawlik
Provide CA cert for logsender
0d400a0 
The logsender can not send data to the Opensearch due
opensearchpy is using urllib3, that only respects root CA certs
provided by certifi library.
More info [1]

Depends-On: https://review.opendev.org/c/openstack/ci-log-processing/+/844576

[1] opensearch-project/opensearch-py#128

Change-Id: If375e30a113b568cfd7ea1a05205e48ac726d3c7
@wbeckler
Copy link
Contributor

wbeckler commented Aug 5, 2022

@dsturnbull @sf-project-io feel free to submit a PR fixing this in this repo.

@wbeckler wbeckler removed the untriaged Need triage label Nov 3, 2022
@saimedhi
Copy link
Collaborator

saimedhi commented Sep 8, 2023

@dsturnbull Please feel free to take up this issue and raise a PR with your proposed solution. Thanks :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@dsturnbull @wbeckler @axeoman @saimedhi