Skip to content

Use the system certificate store for downloads, where possible.#2308

Merged
mhsmith merged 4 commits intobeeware:mainfrom
freakboy3742:system-certs
May 22, 2025
Merged

Use the system certificate store for downloads, where possible.#2308
mhsmith merged 4 commits intobeeware:mainfrom
freakboy3742:system-certs

Conversation

@freakboy3742
Copy link
Member

Introduces the use of truststore when performing downloads in Briefcase. This should hopefully avoid the issues with the use of proxies and VPNs. httpx uses certifi as a trust store by default; but corporate proxy/VPN configurations often involve manipulation of the system trust store. This leads to situations where a URL can be reached by a browser, but not by Briefcase. Using truststore means that Briefcase will have the same trust configuration as the browser.

Fixes #2296.

PR Checklist:

  • All new features have been tested
  • All new features have been documented
  • I have read the CONTRIBUTING.md file
  • I will abide by the code of conduct

@freakboy3742 freakboy3742 requested a review from mhsmith May 21, 2025 19:34
Comment on lines +103 to +105
@property
def ssl_context(self):
"""The SSL context to use for downloads."""
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add a test that this function returns the correct value or type?

Copy link
Member

@mhsmith mhsmith left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved, assuming the CI passes.

@mhsmith mhsmith merged commit f983822 into beeware:main May 22, 2025
57 checks passed
@mhsmith mhsmith mentioned this pull request May 22, 2025
4 tasks
@freakboy3742 freakboy3742 deleted the system-certs branch May 22, 2025 17:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Briefcase doesn't use system certificate store for lookups

3 participants