| 1 | | I'm sure it was easier to set SSL_CERT_FILE globally than delay it until after Python is built. Python has no support for the Apple cryptography APIs, so to get SSL to work, it uses OpenSSL. OpenSSL needs a list of root certificates (Certificate Authorities) to be able to validate certificates and that is what the SSL_CERT_FILE is for. For backwards compatiblity, Apple has a vestigial OpenSSL (0.9.?), but has removed the header files from XCode, so it is not possible to compile against it anymore -- and that version of OpenSSL is so old that it doesn't work with harden web servers. |
| | 1 | I'm sure it was easier to set SSL_CERT_FILE globally than delay it until after Python is built. Python has no support for the Apple cryptography APIs, so to get SSL to work, it uses OpenSSL. OpenSSL needs a list of root certificates (Certificate Authorities) to be able to validate certificates and that is what the SSL_CERT_FILE is for. For backwards compatiblity, Apple has a vestigial OpenSSL (0.9.?), but has removed the header files from XCode, so it is not possible to compile against it anymore -- and that version of OpenSSL is so old that it doesn't work with modern web servers. |
![[ChimeraX Issue Tracking System]](/trac/ChimeraX/chrome/site/ChimeraX-icon.svg){kind=icon}
