[Python-Dev] SSL certificates recommendations for downstream python packagers

Christian Heimes christian at python.org
Mon Jan 30 16:28:00 EST 2017


On 2017-01-30 22:19, David Cournapeau wrote:
> Hm. Is this documented anywhere? We have customers needing
> "private/custom" certificates, and I am unsure where to look.

For full control it is advised to use a custom SSLContext that only
loads the internal CA.
https://docs.python.org/3/library/ssl.html#ssl.create_default_context

With OpenSSL you can also set SSL_CERT_FILE and SSL_CERT_DIR env vars.
It doesn't work with LibreSSL, though.

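import os, ssl
# Set both variables before the context is created: OpenSSL reads them
# when the default verify locations are loaded.
os.environ['SSL_CERT_FILE'] = '/path/to/internalca.pem'
# Point the hashed certificate directory at os.devnull so no directory is searched.
os.environ['SSL_CERT_DIR'] = os.devnull

ctx = ssl.create_default_context()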

Christian
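
The custom-SSLContext approach recommended above, as an added example that is not part of the original message: it builds a client context that never loads the system roots and audits what the trust store actually contains. The function names and the command-line usage are assumptions made for illustration.

```python
import ssl

def internal_ca_context(cafile):
    """Client context whose trust store holds only the PEM bundle at cafile."""
    # PROTOCOL_TLS_CLIENT starts with an empty trust store and defaults to
    # verify_mode=CERT_REQUIRED and check_hostname=True; system roots are
    # never loaded because load_default_certs() is not called.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=cafile)  # raises if missing or not PEM
    return ctx

def loaded_ca_names(ctx):
    """Common names of the CA certificates currently loaded in ctx.

    Certificates from a capath directory are loaded lazily by OpenSSL and are
    not listed here until used, so this audit is meant for cafile/cadata.
    """
    names = []
    for cert in ctx.get_ca_certs():
        subject = dict(rdn[0] for rdn in cert.get("subject", ()))
        names.append(subject.get("commonName", "<no commonName>"))
    return names

def audit(ctx, allowed_names):
    """Return a list of findings; an empty list means the context is as intended."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification is not required")
    if not ctx.check_hostname:
        findings.append("hostname checking is disabled")
    names = loaded_ca_names(ctx)
    if not names:
        findings.append("no CA certificates loaded")
    for name in names:
        if name not in allowed_names:
            findings.append("unexpected CA in trust store: " + name)
    return findings

if __name__ == "__main__":
    import sys
    # Usage: python script.py /path/to/internalca.pem "Internal CA common name"
    ctx = internal_ca_context(sys.argv[1])
    for line in audit(ctx, set(sys.argv[2:])) or ["ok: only expected CAs are trusted"]:
        print(line)
```

Running the same audit on a context from ssl.create_default_context() shows whether the SSL_CERT_FILE override took effect or the platform roots were loaded as well.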

