Adding server certificates to CA_BUNDLE in python

Question

I'm using requests to communicate with remote server over https. At the moment I'm not verifying SSL certificate and I'd like to fix that.

Within requests documentation, I've found that:

You can pass verify the path to a CA_BUNDLE file with certificates of trusted CAs. This list of trusted CAs can also be specified through the REQUESTS_CA_BUNDLE environment variable.

I don't want to use system's certs, but to generate my own store.

So far I'm grabbing server certificate with ssl.get_server_certificate(addr), but I don't know how to create my own store and add it there.

Usually a file with all trusted certs in PEM-format is referred to as trust store. — sebix, Jul 12 '15 at 20:36

score 2 · Answer 1 · answered Jul 12 '15 at 18:00

2

This is actually trivial... CA_BUNDLE can be any file that you append certificates to, so you can simply append the output of ssl.get_server_certificate() to that file and it works.

answered Jul 12 '15 at 18:00

Mateusz M.

382
7
17

Adding server certificates to CA_BUNDLE in python

1 Answers1

Linked