search

opensearch-project / opensearch-py

Python Client for OpenSearch
https://opensearch.org/docs/latest/clients/python/
Apache License 2.0
337 stars 168 forks source link

[FEATURE] Do not rely on certifi for root certificates #128

Open dsturnbull opened 2 years ago

dsturnbull commented 2 years ago

Is your feature request related to a problem? The certifi library has a software licence that can be problematic. Similar to https://github.com/opensearch-project/opensearch-py/issues/111. It could also be preferable to maintain root certs at an operating system level rather than purely at a dependency level.

What solution would you like? Allow certifi to be an optional dependency. When it's not installed, do what boto3 does.

https://github.com/boto/botocore/blob/740994514c0e1d010f17a060c1eb24c64346bbaf/botocore/httpsession.py#L47

try:
    from certifi import where
except ImportError:
    def where():
        return DEFAULT_CA_BUNDLE

What alternatives have you considered? We have written a script to remove the certifi library from our virtualenv and replaces it with a dummy package of the same name. This satisfies the packager's dependency requirements and allows us to ship a non-encumbered artifact.

wbeckler commented 2 years ago

@dsturnbull @sf-project-io feel free to submit a PR fixing this in this repo.

saimedhi commented 1 year ago

@dsturnbull Please feel free to take up this issue and raise a PR with your proposed solution. Thanks :)