Integrate truststore so System certificates are trusted automatically

src/azure-cli-core/azure/cli/core/ssl_context_adaptor.py

@@ -0,0 +1,10 @@
+import requests.adapters
+import ssl
+import truststore
+
+class SSLContextAdapter(requests.adapters.HTTPAdapter):
+    def init_poolmanager(self, *args, **kwargs):
+        ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+
+        kwargs['ssl_context'] = ctx
+        return super(SSLContextAdapter, self).init_poolmanager(*args, **kwargs)

src/azure-cli-core/azure/cli/core/util.py

@@ -906,6 +906,7 @@ def send_raw_request(cli_ctx, method, url, headers=None, uri_parameters=None,  #
     import uuid
     from requests import Session, Request
     from requests.structures import CaseInsensitiveDict
+    from azure.cli.core.ssl_context_adaptor import SSLContextAdapter
 
     result = CaseInsensitiveDict()
     for s in headers or []:
@@ -1027,6 +1028,7 @@ def send_raw_request(cli_ctx, method, url, headers=None, uri_parameters=None,  #
 
     # https://requests.readthedocs.io/en/latest/user/advanced/#prepared-requests
     s = Session()
+    s.mount(url, SSLContextAdapter())
     req = Request(method=method, url=url, headers=headers, params=uri_parameters, data=body)
     prepped = s.prepare_request(req)
 

src/azure-cli/requirements.py3.Darwin.txt

@@ -127,6 +127,7 @@ semver==2.13.0
 six==1.16.0
 sshtunnel==0.1.5
 tabulate==0.8.9
+truststore==0.10.0
 urllib3==1.26.19
 wcwidth==0.1.7
 websocket-client==1.3.1

src/azure-cli/requirements.py3.Linux.txt

@@ -128,6 +128,7 @@ semver==2.13.0
 six==1.16.0
 sshtunnel==0.1.5
 tabulate==0.8.9
+truststore==0.10.0
 urllib3==1.26.19
 wcwidth==0.1.7
 websocket-client==1.3.1

src/azure-cli/requirements.py3.windows.txt

@@ -129,6 +129,7 @@ semver==2.13.0
 six==1.16.0
 sshtunnel==0.1.5
 tabulate==0.8.9
+truststore==0.10.0
 urllib3==1.26.19
 wcwidth==0.1.7
 websocket-client==1.3.1