Skip to content

Provide documentation for specifying CA bundle path #71

Description

@noexec

PycURL currently (7.45.3) supplies natives builds that include libcurl. The implication is that the default CAINFO value comes from the system on which licurl was built. For Linux, it's currently /etc/pki/tls/certs/ca-bundle.crt from RedHat family of distros, in contrast to /etc/ssl/certs/ca-certificates.crt from the Debian family.

While curldl probably shouldn't employ CA bundle lookup on the filesystem and accept elaborate settings like curl, the documentation should explain possible issues and provide recipes for mitigating them:

  • passing curl_config_callback to curldl.Curldl with curl.setopt(pycurl.CAINFO, ".../ca-certificates.crt")
  • using distribution-supplied PycURL — e.g., python3-pycurl
  • installing a non-binary wheel that will use system libcurl: pip3 install pycurl --no-binary pycurl
  • creating a /etc/pki/tls/certs/ca-bundle.crt/etc/ssl/certs/ca-certificates.crt symlink
  • using conda, which bundles its own certificates — see miniconda3/bin/curl-config --ca

Metadata

Metadata

Assignees

Labels

documentationImprovements or additions to documentation

Projects

No projects

Relationships

None yet

Development

No branches or pull requests

Issue actions