adamdecaf / cert-manage

WIP x509 Certificate auditing CLI
Apache License 2.0

store/certifi: initial support #60

Open adamdecaf opened 6 years ago

adamdecaf commented 6 years ago

certifi (http://certifi.io/ -- doesn't load) is an embedded cert store with a few language bindings.

Found while investigating https://github.com/adamdecaf/cert-manage/issues/59

adamdecaf commented 6 years ago

Python:

This library is embedded in the requests Python lib, which is vendored into pip.

It seems to be located at directories like (on OSX):

adamdecaf commented 6 years ago

Go:

The certs are embedded within the compiled binary: https://github.com/certifi/gocertifi/blob/master/certifi.go#L4617

adamdecaf commented 6 years ago

For bundles that are just reading from a gem/pip on disk, we should be able to copy the original to cacert.pem.backup and then rewrite cacert.pem according to the whitelist.

Then either a gem/pip reinstall or restore command would bring back the original pool.
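
A sketch of the backup, rewrite and restore flow described in the last comment, added here as an example; it is not cert-manage's code. The function names, the whitelist format (a set of lowercase hex SHA-256 fingerprints over each certificate's DER bytes) and the `cacert.pem` path used in `main` are assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/pem"
	"errors"
	"fmt"
	"os"
)

// FilterBundle keeps certs whose hex SHA-256 (DER) is in keep; format is assumed.
func FilterBundle(bundle []byte, keep map[string]bool) (out []byte, kept int) {
	for block, rest := pem.Decode(bundle); block != nil; block, rest = pem.Decode(rest) {
		sum := sha256.Sum256(block.Bytes)
		if block.Type == "CERTIFICATE" && keep[hex.EncodeToString(sum[:])] {
			out = append(out, pem.EncodeToMemory(block)...)
			kept++
		}
	}
	return out, kept
}

// ApplyWhitelist saves path to path+".backup" on first use, then rewrites path.
func ApplyWhitelist(path string, keep map[string]bool) (int, error) {
	orig, err := os.ReadFile(path + ".backup") // reruns filter the pristine copy
	if errors.Is(err, os.ErrNotExist) {
		if orig, err = os.ReadFile(path); err == nil {
			err = os.WriteFile(path+".backup", orig, 0644)
		}
	}
	if err != nil {
		return 0, err
	}
	out, kept := FilterBundle(orig, keep)
	if kept == 0 {
		return 0, errors.New("whitelist matches nothing; refusing to write an empty bundle")
	}
	return kept, os.WriteFile(path, out, 0644)
}

func Restore(path string) error { return os.Rename(path+".backup", path) } // undo

func main() { // hypothetical CLI: run beside cacert.pem, args are fingerprints
	keep := map[string]bool{}
	for _, fp := range os.Args[1:] {
		keep[fp] = true
	}
	fmt.Println(ApplyWhitelist("cacert.pem", keep))
}
```

Because later runs filter from the `.backup` copy, changing the whitelist never shrinks the backup, and `Restore` always brings back the pool that shipped with the package.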