Skip to content

Use certificates from the operating system #820

Description

@wonder-sk

In some cases, users may get this kind of errors when trying to connect to Mergin Maps server:

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1010)

This could be because the corporate network as an appliance that does SSL inspection (man-in-the-middle proxy), and data sent to the MM plugin are signed by their own internal certificate. This certificate may be stored trusted by the operating system, but python's requests module (that we use for all networking) does not use trusted certificates from the OS - it rather uses certifi module (which has its bundle of root certificates).

To avoid this problem, we could use truststore module (https://github.com/sethmlarson/truststore) that should be able to inject trusted certificates from the OS. It is a pure python module, so it should be easy to add as a dependency. The only(?) issue is that python 3.10+ is required.

Metadata

Metadata

Assignees

Labels

enhancementNew feature or request

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions