Add GlobalSign Root R6 to cacert.pem #3192

Closed
2 tasks
mruncles opened this issue May 30, 2024 · 2 comments
@mruncles

Describe the feature

Can we add the new GlobalSign Root R6 certificate (https://support.globalsign.com/ca-certificates/root-certificates/globalsign-root-certificates) to the cacert.pem file, as it is used by default in the aws-cli shipped by Amazon? Yes, we can override this behavior by env variables, but it's an extra step that can be avoided for a publicly acknowledged root certificate.

Use Case

Some custom third-party S3 providers already use the new GlobalSign certificates, but we have some inconsistencies with aws-cli v1 and v2, as v1 uses an updated certifi with an updated certificate list, but v2 still depends on an outdated cacert.pem.

Proposed Solution

Add the GlobalSign Root R6 certificate to cacert.pem

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

SDK version used

ALL

Environment details (OS name and version, etc.)

aws-cli/2.15.59 Python/3.11.8 Linux/6.8.0-31-generic exe/x86_64.ubuntu.24

@mruncles mruncles added feature-request This issue requests a feature. needs-triage This issue or PR still needs to be triaged. labels May 30, 2024
@tim-finnigan tim-finnigan self-assigned this Jun 4, 2024
@tim-finnigan tim-finnigan added the investigating This issue is being investigated and/or work is in progress to resolve the issue. label Jun 4, 2024
@tim-finnigan
Contributor

Thanks for the feature request. Upon discussing with the team, the recommendation here is to install certifi to get access to newer certs. That should be used by default if it is installed. Further investigation by the team is required involving changes to cacert.pem, but this feature request is not planned.

@tim-finnigan tim-finnigan closed this as not planned Won't fix, can't repro, duplicate, stale Jun 4, 2024
@tim-finnigan tim-finnigan removed investigating This issue is being investigated and/or work is in progress to resolve the issue. needs-triage This issue or PR still needs to be triaged. labels Jun 4, 2024

github-actions bot commented Jun 4, 2024

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
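
As an added example (not part of the original thread and not aws-cli or certifi code), one way to confirm the inconsistency described in the issue is to compare two CA bundles by certificate fingerprint and list the roots that the newer bundle has and the older one lacks. The `# Label:` comment convention is an assumption about the bundle layout, and the sample bundles are constructed from placeholder bytes, not real certificates.

```python
import base64
import hashlib
import re

# One PEM certificate block; comment lines between blocks are not part of it.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S
)
# Assumption: the bundle precedes each block with a '# Label: "..."' comment.
LABEL = re.compile(r'^# Label:\s*"?(.*?)"?\s*$', re.M)


def bundle_fingerprints(pem_text):
    """Return {SHA-256 hex of the DER bytes: label} for each cert in a bundle."""
    certs, prev_end = {}, 0
    for n, m in enumerate(PEM_CERT.finditer(pem_text), start=1):
        label = LABEL.search(pem_text[prev_end:m.start()])
        prev_end = m.end()
        # Strip line wrapping, then decode strictly so a corrupt block raises.
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
        fingerprint = hashlib.sha256(der).hexdigest()
        certs[fingerprint] = label.group(1) if label else f"cert #{n}"
    return certs


def missing_from(reference_pem, candidate_pem):
    """Labels of certs present in reference_pem but absent from candidate_pem."""
    candidate = bundle_fingerprints(candidate_pem)
    reference = bundle_fingerprints(reference_pem)
    return sorted(lbl for fp, lbl in reference.items() if fp not in candidate)


def sample_block(label, payload):
    # Constructed sample: payload is placeholder bytes, not a real certificate.
    body = base64.encodebytes(payload).decode()
    return (f'# Label: "{label}"\n-----BEGIN CERTIFICATE-----\n'
            f"{body}-----END CERTIFICATE-----\n")


# Constructed bundles: NEWER carries one root that OLDER does not.
ROOT_A = sample_block("Example Root A", b"\x30\x82" + b"A" * 90)
ROOT_B = sample_block("Example Root B", b"\x30\x82" + b"B" * 90)
NEWER = ROOT_A + ROOT_B
OLDER = ROOT_A

if __name__ == "__main__":
    for name in missing_from(NEWER, OLDER):
        print("missing from older bundle:", name)
```

To run it on real files, read both bundles as text and pass the newer one as the first argument; `certifi.where()` returns the path of certifi's bundle.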
