Skip to content

Add ca_root_locations() API to properly handle SSL_CERT_{FILE,DIR} #42

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Add ca_root_locations() API to properly handle SSL_CERT_{FILE,DIR} #42

wants to merge 3 commits into from

Conversation

Keno
Copy link
Member

@Keno Keno commented Jun 26, 2025

  • Add new ca_root_locations() function that returns (files, directories) tuple
  • ca_root_locations() takes allow_nothing parameter like the deprecated functions
  • SSL_CERT_FILE is now treated as a single file path (not delimiter-separated)
  • SSL_CERT_DIR supports delimiter-separated list of directories using keepempty=false
  • Add deprecation warnings to ca_roots() and ca_roots_path() functions
  • Use withenv in tests for proper environment isolation
  • Add comprehensive tests for the new functionality

Fixes #41

Per JuliaLang/julia#58666 largely written by Claude.

@Keno
Add ca_root_locations() API to properly handle SSL_CERT_FILE and SSL_…
7191a62 
…CERT_DIR

- Add new ca_root_locations() function that returns (files, directories) tuple
- ca_root_locations() takes allow_nothing parameter like the deprecated functions
- SSL_CERT_FILE is now treated as a single file path (not delimiter-separated)
- SSL_CERT_DIR supports delimiter-separated list of directories using keepempty=false
- Add deprecation warnings to ca_roots() and ca_roots_path() functions
- Simplify _ca_roots() implementation and system CA root locations handling
- System CA roots are always files, not directories
- Use withenv in tests for proper environment isolation
- Add comprehensive tests for the new functionality

Fixes JuliaLang#41
@codecov Codecov
Copy link

codecov bot commented Jun 26, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.55%. Comparing base (532992f) to head (3c96336).

Additional details and impacted files 
@@            Coverage Diff             @@
##           master      #42      +/-   ##
==========================================
+ Coverage   98.14%   98.55%   +0.40%     
==========================================
  Files           3        3              
  Lines         108      138      +30     
==========================================
+ Hits          106      136      +30     
  Misses          2        2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@Keno Keno mentioned this pull request Jun 26, 2025
Draft
Keno added 2 commits June 26, 2025 03:58
@Keno
Fix ca_root_locations to return nothing on Windows/macOS when JULIA_S…
4d105cd 
…SL_CA_ROOTS_PATH=""

When JULIA_SSL_CA_ROOTS_PATH is set to empty string, it should return
nothing on Windows/macOS (to use system certificates) when allow_nothing
is true, not the bundled certificates.
@Keno
Add test for JULIA_SSL_CA_ROOTS_PATH set to directory
3c96336 
This improves test coverage by testing the case where JULIA_SSL_CA_ROOTS_PATH
is set to a directory path, which triggers the isdir() branch in
ca_root_locations().
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

SSL_CERT_{DIR, FILE} handling is incorrect
1 participant
@Keno