
Stop Breaking TLS

(www.markround.com)
170 points todsacerdoti | 1 comments
gschizas ◴[] No.46215801[source]
The fact that most tools have completely different ways to allow them to add certificates is the biggest pain. Git, Python and Rust also have large issues. Git doesn't default to "http.schannel". Python (or rather requests, or maybe urllib3) only looks at its own certificate store, and I have no idea how Rust does this (well, I use uv, and it has its own problems - I know about the --use-native-tls flag, but it should be a default at the least).
1. dcminter ◴[] No.46216074[source]
Yeah, and Java has its nice cacerts file so that should have been easy, but then we were using Bazel which does the "hermetic builds" thing so that had to be told about it separately, and on and on with all the other special-snowflake tools.

It added huge amounts of friction which was one reason I decided to move on from that gig.