Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: certifi/python-certifi
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 2022.12.07
Choose a base ref
...
head repository: certifi/python-certifi
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 2023.05.07
Choose a head ref
  • 8 commits
  • 6 files changed
  • 5 contributors

Commits on Dec 7, 2022

  1. get CI passing again

    @alex
    alex authored Dec 7, 2022
    Copy the full SHA
    fed4048 View commit details

  2. fix CI

    @alex
    alex authored Dec 7, 2022
    Copy the full SHA
    9427a5a View commit details

Commits on Jan 13, 2023

  1. remove paragraphs about 1024-bit roots from README 

    they haven't been relevant for a long time
    @alex
    alex authored Jan 13, 2023
    Copy the full SHA
    e0b9fc5 View commit details

Commits on Feb 23, 2023

  1. Don't let deprecation warning fail CI (#219)

    @alex
    alex authored Feb 23, 2023
    Copy the full SHA
    2087de5 View commit details

Commits on Feb 24, 2023

  1. Set up permissions to github workflows (#218) 

    * feat: update lock.yml permissions

Signed-off-by: Joyce <joycebrum@google.com>

* feat: set up permissions to ci.yml

Signed-off-by: Joyce <joycebrum@google.com>

---------

Signed-off-by: Joyce <joycebrum@google.com>
    @joycebrum
    joycebrum authored Feb 24, 2023
    Copy the full SHA
    c211ef4 View commit details

Commits on Mar 20, 2023

  1. Create a Security Policy (#222) 

    * Create SECURITY.md

* Update SECURITY.md to add email

* Disclose vulnerability on Github
    @joycebrum
    joycebrum authored Mar 20, 2023
    Copy the full SHA
    c2fc3b1 View commit details

Commits on Apr 26, 2023

  1. ci: Add Python 3.12-dev to the testing (#224)

    @cclauss
    cclauss authored Apr 26, 2023
    Copy the full SHA
    53da240 View commit details

Commits on May 7, 2023

  1. 2023.05.07

    @Lukasa
    Lukasa committed May 7, 2023
    Copy the full SHA
    8b3d7ba View commit details
Showing with 80 additions and 21 deletions.
  1. +8 −4 .github/workflows/ci.yml
  2. +3 −2 .github/workflows/lock.yml
  3. +0 −14 README.rst
  4. +6 −0 SECURITY.md
  5. +1 −1 certifi/__init__.py
  6. +62 −0 certifi/cacert.pem
12 changes: 8 additions & 4 deletions .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
@@ -4,10 +4,13 @@ on:
push:
branches: [master]
pull_request: {}

permissions:
contents: read

jobs:
mypy:
runs-on: ubuntu-latest
runs-on: ubuntu-20.04

steps:
- uses: actions/checkout@v3
@@ -19,7 +22,7 @@ jobs:
run: mypy --strict certifi

test:
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
strategy:
matrix:
python-version:
@@ -28,7 +31,8 @@ jobs:
- "3.8"
- "3.9"
- "3.10"
- "3.11-dev"
- "3.11"
- "3.12-dev"
steps:
- uses: actions/checkout@v3
- name: Set up Python ${{ matrix.python-version }}
@@ -41,4 +45,4 @@ jobs:
python -m pip install pytest
- name: Test with pytest
run: |
python -W error -m pytest
python -W error -W 'ignore:Running attrs on Python 3.6' -m pytest
5 changes: 3 additions & 2 deletions .github/workflows/lock.yml
View file
Original file line number Diff line number Diff line change
@@ -4,13 +4,14 @@ on:
schedule:
- cron: '0 0 * * *'

permissions:
issues: "write"
permissions: {}

jobs:
lock:
if: github.repository_owner == 'certifi'
runs-on: ubuntu-latest
permissions:
issues: write
steps:
- uses: dessant/lock-threads@v3
with:
14 changes: 0 additions & 14 deletions README.rst
View file
Original file line number Diff line number Diff line change
@@ -30,20 +30,6 @@ Or from the command line::

Enjoy!

1024-bit Root Certificates
~~~~~~~~~~~~~~~~~~~~~~~~~~

Browsers and certificate authorities have concluded that 1024-bit keys are
unacceptably weak for certificates, particularly root certificates. For this
reason, Mozilla has removed any weak (i.e. 1024-bit key) certificate from its
bundle, replacing it with an equivalent strong (i.e. 2048-bit or greater key)
certificate from the same CA. Because Mozilla removed these certificates from
its bundle, ``certifi`` removed them as well.

In previous versions, ``certifi`` provided the ``certifi.old_where()`` function
to intentionally re-add the 1024-bit roots back into your bundle. This was not
recommended in production and therefore was removed at the end of 2018.

.. _`Requests`: https://requests.readthedocs.io/en/master/

Addition/Removal of Certificates
6 changes: 6 additions & 0 deletions SECURITY.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
# Reporting Security Issues

To report a security issue, please disclose it at [security advisory](https://github.com/certifi/python-certifi/security/advisories/new).

We will respond within 7 working days of your submission. If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. This project follows a 90 day disclosure timeline.

2 changes: 1 addition & 1 deletion certifi/__init__.py
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
from .core import contents, where

__all__ = ["contents", "where"]
__version__ = "2022.12.07"
__version__ = "2023.05.07"
62 changes: 62 additions & 0 deletions certifi/cacert.pem
View file
Original file line number Diff line number Diff line change
@@ -4525,3 +4525,65 @@ BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjAVXUI9/Lbu
9zuxNuie9sRGKEkz0FhDKmMpzE2xtHqiuQ04pV1IKv3LsnNdo4gIxwwCMQDAqy0O
be0YottT6SXbVQjgUMzfRGEWgqtJsLKB7HOHeLRMsmIbEvoWTSVLY70eN9k=
-----END CERTIFICATE-----

# Issuer: CN=BJCA Global Root CA1 O=BEIJING CERTIFICATE AUTHORITY
# Subject: CN=BJCA Global Root CA1 O=BEIJING CERTIFICATE AUTHORITY
# Label: "BJCA Global Root CA1"
# Serial: 113562791157148395269083148143378328608
# MD5 Fingerprint: 42:32:99:76:43:33:36:24:35:07:82:9b:28:f9:d0:90
# SHA1 Fingerprint: d5:ec:8d:7b:4c:ba:79:f4:e7:e8:cb:9d:6b:ae:77:83:10:03:21:6a
# SHA256 Fingerprint: f3:89:6f:88:fe:7c:0a:88:27:66:a7:fa:6a:d2:74:9f:b5:7a:7f:3e:98:fb:76:9c:1f:a7:b0:9c:2c:44:d5:ae
-----BEGIN CERTIFICATE-----
MIIFdDCCA1ygAwIBAgIQVW9l47TZkGobCdFsPsBsIDANBgkqhkiG9w0BAQsFADBU
MQswCQYDVQQGEwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRI
T1JJVFkxHTAbBgNVBAMMFEJKQ0EgR2xvYmFsIFJvb3QgQ0ExMB4XDTE5MTIxOTAz
MTYxN1oXDTQ0MTIxMjAzMTYxN1owVDELMAkGA1UEBhMCQ04xJjAkBgNVBAoMHUJF
SUpJTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRCSkNBIEdsb2Jh
bCBSb290IENBMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPFmCL3Z
xRVhy4QEQaVpN3cdwbB7+sN3SJATcmTRuHyQNZ0YeYjjlwE8R4HyDqKYDZ4/N+AZ
spDyRhySsTphzvq3Rp4Dhtczbu33RYx2N95ulpH3134rhxfVizXuhJFyV9xgw8O5
58dnJCNPYwpj9mZ9S1WnP3hkSWkSl+BMDdMJoDIwOvqfwPKcxRIqLhy1BDPapDgR
at7GGPZHOiJBhyL8xIkoVNiMpTAK+BcWyqw3/XmnkRd4OJmtWO2y3syJfQOcs4ll
5+M7sSKGjwZteAf9kRJ/sGsciQ35uMt0WwfCyPQ10WRjeulumijWML3mG90Vr4Tq
nMfK9Q7q8l0ph49pczm+LiRvRSGsxdRpJQaDrXpIhRMsDQa4bHlW/KNnMoH1V6XK
V0Jp6VwkYe/iMBhORJhVb3rCk9gZtt58R4oRTklH2yiUAguUSiz5EtBP6DF+bHq/
pj+bOT0CFqMYs2esWz8sgytnOYFcuX6U1WTdno9uruh8W7TXakdI136z1C2OVnZO
z2nxbkRs1CTqjSShGL+9V/6pmTW12xB3uD1IutbB5/EjPtffhZ0nPNRAvQoMvfXn
jSXWgXSHRtQpdaJCbPdzied9v3pKH9MiyRVVz99vfFXQpIsHETdfg6YmV6YBW37+
WGgHqel62bno/1Afq8K0wM7o6v0PvY1NuLxxAgMBAAGjQjBAMB0GA1UdDgQWBBTF
7+3M2I0hxkjk49cULqcWk+WYATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
AwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAUoKsITQfI/Ki2Pm4rzc2IInRNwPWaZ+4
YRC6ojGYWUfo0Q0lHhVBDOAqVdVXUsv45Mdpox1NcQJeXyFFYEhcCY5JEMEE3Kli
awLwQ8hOnThJdMkycFRtwUf8jrQ2ntScvd0g1lPJGKm1Vrl2i5VnZu69mP6u775u
+2D2/VnGKhs/I0qUJDAnyIm860Qkmss9vk/Ves6OF8tiwdneHg56/0OGNFK8YT88
X7vZdrRTvJez/opMEi4r89fO4aL/3Xtw+zuhTaRjAv04l5U/BXCga99igUOLtFkN
SoxUnMW7gZ/NfaXvCyUeOiDbHPwfmGcCCtRzRBPbUYQaVQNW4AB+dAb/OMRyHdOo
P2gxXdMJxy6MW2Pg6Nwe0uxhHvLe5e/2mXZgLR6UcnHGCyoyx5JO1UbXHfmpGQrI
+pXObSOYqgs4rZpWDW+N8TEAiMEXnM0ZNjX+VVOg4DwzX5Ze4jLp3zO7Bkqp2IRz
znfSxqxx4VyjHQy7Ct9f4qNx2No3WqB4K/TUfet27fJhcKVlmtOJNBir+3I+17Q9
eVzYH6Eze9mCUAyTF6ps3MKCuwJXNq+YJyo5UOGwifUll35HaBC07HPKs5fRJNz2
YqAo07WjuGS3iGJCz51TzZm+ZGiPTx4SSPfSKcOYKMryMguTjClPPGAyzQWWYezy
r/6zcCwupvI=
-----END CERTIFICATE-----

# Issuer: CN=BJCA Global Root CA2 O=BEIJING CERTIFICATE AUTHORITY
# Subject: CN=BJCA Global Root CA2 O=BEIJING CERTIFICATE AUTHORITY
# Label: "BJCA Global Root CA2"
# Serial: 58605626836079930195615843123109055211
# MD5 Fingerprint: 5e:0a:f6:47:5f:a6:14:e8:11:01:95:3f:4d:01:eb:3c
# SHA1 Fingerprint: f4:27:86:eb:6e:b8:6d:88:31:67:02:fb:ba:66:a4:53:00:aa:7a:a6
# SHA256 Fingerprint: 57:4d:f6:93:1e:27:80:39:66:7b:72:0a:fd:c1:60:0f:c2:7e:b6:6d:d3:09:29:79:fb:73:85:64:87:21:28:82
-----BEGIN CERTIFICATE-----
MIICJTCCAaugAwIBAgIQLBcIfWQqwP6FGFkGz7RK6zAKBggqhkjOPQQDAzBUMQsw
CQYDVQQGEwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRIT1JJ
VFkxHTAbBgNVBAMMFEJKQ0EgR2xvYmFsIFJvb3QgQ0EyMB4XDTE5MTIxOTAzMTgy
MVoXDTQ0MTIxMjAzMTgyMVowVDELMAkGA1UEBhMCQ04xJjAkBgNVBAoMHUJFSUpJ
TkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRCSkNBIEdsb2JhbCBS
b290IENBMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABJ3LgJGNU2e1uVCxA/jlSR9B
IgmwUVJY1is0j8USRhTFiy8shP8sbqjV8QnjAyEUxEM9fMEsxEtqSs3ph+B99iK+
+kpRuDCK/eHeGBIK9ke35xe/J4rUQUyWPGCWwf0VHKNCMEAwHQYDVR0OBBYEFNJK
sVF/BvDRgh9Obl+rg/xI1LCRMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
AgEGMAoGCCqGSM49BAMDA2gAMGUCMBq8W9f+qdJUDkpd0m2xQNz0Q9XSSpkZElaA
94M04TVOSG0ED1cxMDAtsaqdAzjbBgIxAMvMh1PLet8gUXOQwKhbYdDFUDn9hf7B
43j4ptZLvZuHjw/l1lOWqzzIQNph91Oj9w==
-----END CERTIFICATE-----