Skip to content

Fix issues with SSL certificates#306

Open
wonder-sk wants to merge 1 commit into
masterfrom
fix-ssl-certificates
Open

Fix issues with SSL certificates#306
wonder-sk wants to merge 1 commit into
masterfrom
fix-ssl-certificates

Conversation

@wonder-sk

Copy link
Copy Markdown
Contributor

urllib's default handling of SSL certs is rather inconsistent: on linux/mac it should use some system openssl path (which on mac may not be present), and on windows it should use system certificate store.

Our old macOS workaround was apparently preventing usage of system certificate store on windows as well, and using the old vendored cert.pem instead. The fix is to use SSL certificates from OS certificate store, using truststore python module.

The truststore module requires python 3.10+ so we bump the minimum python dependency.

Python 3.10 was released in 2021, and all python version < 3.10 are now EOL-ed: https://python3.info/about/versions.html
In the QGIS plugin, I think we should be safe with at least QGIS >= 3.40 - the osgeo4w got python upgraded from 3.9 to 3.12 before QGIS 3.40 release.

Fixes #230
Fixes MerginMaps/qgis-plugin#820
Fixes MerginMaps/qgis-plugin#821
Fixes MerginMaps/qgis-plugin#149

Urllib's default handling of SSL certs is rather inconsistent: on linux/mac it
should use some system openssl path (which on mac may not be present), and on windows
it should use system certificate store.

Our old macOS workaround was apparently preventing usage of system certificate store
on windows as well, and using the old vendored cert.pem instead. The fix is to use SSL
certificates from OS certificate store, using truststore python module.

The truststore module requires python 3.10+ so we bump the minimum python dependency.
@coveralls

Copy link
Copy Markdown

Coverage Report for CI Build 28545728839

Coverage decreased (-0.1%) to 83.366%

Details

  • Coverage decreased (-0.1%) from the base build.
  • Patch coverage: 3 of 3 lines across 1 file are fully covered (100%).
  • 11 coverage regressions across 2 files.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

11 previously-covered lines in 2 files lost coverage.

File Lines Losing Coverage Coverage
mergin/test/sqlite_con.py 10 0.0%
mergin/merginproject.py 1 89.11%

Coverage Stats

Coverage Status
Relevant Lines: 5675
Covered Lines: 4731
Line Coverage: 83.37%
Coverage Strength: 0.83 hits per line

💛 - Coveralls

@MarcelGeo MarcelGeo requested a review from harminius July 2, 2026 07:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

signing in fails Use certificates from the operating system ssl.SSLContext() without protocol argument is deprecated Lack of certificate

2 participants