getsentry / raven-go

Sentry client in Go
https://sentry.io
BSD 3-Clause "New" or "Revised" License
561 stars 148 forks

Make certifi optional/remove as dependency #117

Open medzin opened 7 years ago

medzin commented 7 years ago

raven-go's dependency on gocertifi is really problematic in corporate networks (audits, sec teams etc.), because it introduces root CAs that are not company managed. Can this dependency be removed or made optional?

mattrobenolt commented 7 years ago

Would it help if it were vendored instead?

medzin commented 7 years ago

The problem is that raven-go uses by default its own root CAs provided by gocertifi, not root CAs installed in the operating system and controlled by sec teams.

mattrobenolt commented 7 years ago

I see. I can probably easily make this a configuration option to override or supply your own bundle. fwiw we do this as well in raven-python. And for context, this was added for the exact opposite case, where there were no system roots.

mattes commented 6 years ago

I think this is highly problematic as @medzin already explained. As a work-around it seems as if I can attach my own Transport though.
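The thread turns on which trust store the client validates the Sentry server against. The following is an added example, not code from raven-go or from any commenter: a standard-library HTTP client that trusts either the operating system's roots or an explicitly supplied company bundle. The names `tlsConfig`, `newHTTPClient` and `companyPEM` are hypothetical, and wiring the client into raven-go as a custom Transport is not shown.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
	"time"
)

// tlsConfig returns client TLS settings whose trust anchors are under the
// operator's control. companyPEM is a hypothetical parameter: nil or empty
// means "use the operating system's root store", otherwise only the CAs in
// the bundle are trusted.
func tlsConfig(companyPEM []byte) (*tls.Config, error) {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	if len(companyPEM) == 0 {
		// RootCAs left nil: crypto/tls falls back to the host's root CA set.
		return cfg, nil
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(companyPEM) {
		// Fail closed rather than silently trusting some other store.
		return nil, errors.New("company bundle contains no usable CA certificate")
	}
	cfg.RootCAs = pool
	return cfg, nil
}

// newHTTPClient builds the client a custom transport would send events with.
func newHTTPClient(companyPEM []byte) (*http.Client, error) {
	cfg, err := tlsConfig(companyPEM)
	if err != nil {
		return nil, err
	}
	return &http.Client{
		Timeout:   10 * time.Second,
		Transport: &http.Transport{Proxy: http.ProxyFromEnvironment, TLSClientConfig: cfg},
	}, nil
}

func main() {
	if _, err := newHTTPClient(nil); err != nil {
		fmt.Println("client setup failed:", err)
		return
	}
	fmt.Println("client will validate servers against the OS root store")
}
```

A bundle that parses to zero certificates returns an error instead of falling back to another store, so a misconfigured deployment cannot end up trusting roots nobody reviewed.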