Closed odyhunter closed 7 years ago
The Equifax CA is present in the "weak" bundle (call certifi.old_where()
). It was removed because 1024-bit root certs have been deprecated and removed from all trust stores because they are unsafe.
The GeoTrust Global CA present in the cert chain, however, is present in certifi's trust bundle. That this wasn't used strongly suggests you're using an older OpenSSL (pre-1.0.2), which has a problem with building trust stores. I strongly recommend you upgrade to a newer OpenSSL. If you are unable, you should use certifi.old_where()
instead.
Closing as a duplicate of #26.
Hi,
I noticed Equifax is not included in the current pem https://github.com/certifi/python-certifi/blob/master/certifi/cacert.pem
Thus following 2048bit CA failed. I know 1024bit CA is not supported...
Do you have any plan to include Equifax or there is any reason blocking you so?
Thanks!