Open adamdecaf opened 6 years ago
Python:
This library is embedded in a requests
python lib, which is vendored into pip
.
It seems to be located at directories like (on OSX):
/Library/Python/2.7/site-packages/certifi/cacert.pem
/Library/Python/2.7/site-packages/pip/_vendor/requests/cacert.pem
Go:
The certs are embedded within the compiled binary: https://github.com/certifi/gocertifi/blob/master/certifi.go#L4617
For bundles that are just reading from a gem/pip on disk we should be able to copy the original to cacert.pem.backup
and then rewrite cacert.pem
according to the whitelist.
Then either a gem/pip reinstall or restore
command would bring back the original pool.
certifi (http://certifi.io/ -- doesn't load) is an embedded cert store with a few language bindings.
Found while investigating https://github.com/adamdecaf/cert-manage/issues/59