Add warnings for packages and libraries to avoid inject_into_ssl()

sethmlarson / truststore

Verify certificates using OS trust stores

https://truststore.readthedocs.io

MIT License

151 stars 18 forks source link

Add warnings for packages and libraries to avoid inject_into_ssl() #122

Closed sethmlarson closed 10 months ago

sethmlarson commented 10 months ago

Closes #121

achapkowski commented 5 months ago

@sethmlarson follow up to this PR and the doc change in it. If you are using requests' Session objects, how would you do this over inject_into_ssl()?

sethmlarson commented 5 months ago

@achapkowski I believe requests Session objects are lazy to create SSLContext objects so in theory you can call inject_into_ssl() after a Session object is created but before the first request and have the system truststore be used for the connection? Let me know if that assumption isn't correct.

achapkowski commented 5 months ago

Ok, I'll give that a try.