Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: certifi/python-certifi
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 2020.04.05.1
Choose a base ref
...
head repository: certifi/python-certifi
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 2020.04.05.2
Choose a head ref
  • 5 commits
  • 4 files changed
  • 3 contributors

Commits on Apr 5, 2020

  1. Goodbye python 2

    @Lukasa
    Lukasa committed Apr 5, 2020
    3
    Copy the full SHA
    5efdd48 View commit details

Commits on Apr 6, 2020

  1. Fix where() so that it works with importlib.resources when available (#… 

    …123)
    @dstufft
    dstufft authored Apr 6, 2020
    Copy the full SHA
    3fc8fec View commit details

Commits on Apr 14, 2020

  1. Clarify trust origin is Mozilla (#126)

    @jflemer-ndp
    jflemer-ndp authored Apr 14, 2020
    Copy the full SHA
    69dbf42 View commit details

  2. [#72] Document policy for cert addition (#127)

    @jflemer-ndp
    jflemer-ndp authored Apr 14, 2020
    1
    Copy the full SHA
    72ef317 View commit details

Commits on Jun 7, 2020

  1. 2020.04.05.2

    @Lukasa
    Lukasa committed Jun 7, 2020
    Copy the full SHA
    93ac658 View commit details
Showing with 47 additions and 12 deletions.
  1. +11 −3 README.rst
  2. +1 −1 certifi/__init__.py
  3. +35 −5 certifi/core.py
  4. +0 −3 setup.py
14 changes: 11 additions & 3 deletions README.rst
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
Certifi: Python SSL Certificates
================================

`Certifi`_ is a carefully curated collection of Root Certificates for
`Certifi`_ provides Mozilla's carefully curated collection of Root Certificates for
validating the trustworthiness of SSL certificates while verifying the identity
of TLS hosts. It has been extracted from the `Requests`_ project.

@@ -21,12 +21,12 @@ built-in function::
>>> import certifi

>>> certifi.where()
'/usr/local/lib/python2.7/site-packages/certifi/cacert.pem'
'/usr/local/lib/python3.7/site-packages/certifi/cacert.pem'

Or from the command line::

$ python -m certifi
/usr/local/lib/python2.7/site-packages/certifi/cacert.pem
/usr/local/lib/python3.7/site-packages/certifi/cacert.pem

Enjoy!

@@ -46,3 +46,11 @@ recommended in production and therefore was removed at the end of 2018.

.. _`Certifi`: https://certifiio.readthedocs.io/en/latest/
.. _`Requests`: https://requests.readthedocs.io/en/master/

Addition/Removal of Certificates
--------------------------------

Certifi does not support any addition/removal or other modification of the
CA trust store content. This project is intended to provide a reliable and
highly portable root of trust to python deployments. Look to upstream projects
for methods to use alternate trust.
2 changes: 1 addition & 1 deletion certifi/__init__.py
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
from .core import contents, where

__version__ = "2020.04.05.1"
__version__ = "2020.04.05.2"
40 changes: 35 additions & 5 deletions certifi/core.py
View file
Original file line number Diff line number Diff line change
@@ -9,7 +9,36 @@
import os

try:
from importlib.resources import read_text
from importlib.resources import path as get_path, read_text

_CACERT_CTX = None
_CACERT_PATH = None

def where():
# This is slightly terrible, but we want to delay extracting the file
# in cases where we're inside of a zipimport situation until someone
# actually calls where(), but we don't want to re-extract the file
# on every call of where(), so we'll do it once then store it in a
# global variable.
global _CACERT_CTX
global _CACERT_PATH
if _CACERT_PATH is None:
# This is slightly janky, the importlib.resources API wants you to
# manage the cleanup of this file, so it doesn't actually return a
# path, it returns a context manager that will give you the path
# when you enter it and will do any cleanup when you leave it. In
# the common case of not needing a temporary file, it will just
# return the file system location and the __exit__() is a no-op.
#
# We also have to hold onto the actual context manager, because
# it will do the cleanup whenever it gets garbage collected, so
# we will also store that at the global level as well.
_CACERT_CTX = get_path("certifi", "cacert.pem")
_CACERT_PATH = str(_CACERT_CTX.__enter__())

return _CACERT_PATH


except ImportError:
# This fallback will work for Python versions prior to 3.7 that lack the
# importlib.resources module but relies on the existing `where` function
@@ -19,11 +48,12 @@ def read_text(_module, _path, encoding="ascii"):
with open(where(), "r", encoding=encoding) as data:
return data.read()

# If we don't have importlib.resources, then we will just do the old logic
# of assuming we're on the filesystem and munge the path directly.
def where():
f = os.path.dirname(__file__)

def where():
f = os.path.dirname(__file__)

return os.path.join(f, "cacert.pem")
return os.path.join(f, "cacert.pem")


def contents():
3 changes: 0 additions & 3 deletions setup.py
View file
Original file line number Diff line number Diff line change
@@ -54,9 +54,6 @@
'License :: OSI Approved :: Mozilla Public License 2.0 (MPL 2.0)',
'Natural Language :: English',
'Programming Language :: Python',
'Programming Language :: Python :: 2',
'Programming Language :: Python :: 2.6',
'Programming Language :: Python :: 2.7',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.3',
'Programming Language :: Python :: 3.4',