Created
October 11, 2018 22:31
-
-
Save maxschae4/f413e2462816523c93167d01b83d2c79 to your computer and use it in GitHub Desktop.
Add internal CA certs to requests bundle
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from os import environ, path | |
| from glob import glob | |
| import certifi | |
| # Even if we have trusted certs in our system ca certificates, requests uses it's own | |
| # Mine happen to live in /usr/local/share/ca-certificates | |
| # DON'T update the existing bundle becuase updating requests will overwrite it | |
| cert_dir = "/usr/local/share/ca-certificates" | |
| pwd = path.abspath(path.dirname(__file__)) | |
| ca_bundle = path.join(pwd, "ca_bundle.pem") | |
| if not path.exists(ca_bundle): | |
| print("generating ca bundle") | |
| # get a list of the internal certs to include | |
| cert_files = glob(f"{cert_dir}/*.crt") | |
| # the requests ca bundle path | |
| ca_file = certifi.where() | |
| # open our new bundle, "append, binary, update" | |
| with open(ca_bundle, "ab+") as cb: | |
| # open the built-in bundle | |
| with open(ca_file, "rb") as ca: | |
| # write it to our new bundle | |
| cb.write(ca.read()) | |
| # write each internal cert to our new bundle | |
| for cert_file in cert_files: | |
| with open(cert_file, "rb") as cert: | |
| cb.write(cert.read()) | |
| # set the environment variable to tell requests to use our new bundle | |
| environ["REQUESTS_CA_BUNDLE"] = ca_bundle |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment