Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.
Please bump to 2022.12.07.
You linked python-certifi, but the title is app-misc/ca-certificates.
There is no upstream of app-misc/ca-certificates with TrustCor removed yet.
If it's urgent, we can patch it our ourselves, but I'd prefer to wait for the upstream release.
The bug has been referenced in the following commit(s):
Author: Sam James <firstname.lastname@example.org>
AuthorDate: 2022-12-10 03:24:53 +0000
Commit: Sam James <email@example.com>
CommitDate: 2022-12-10 03:24:58 +0000
app-misc/ca-certificates: add 20211016.3.86
Note that this follows Mozilla upstream in NSS 3.86 in setting
distrust-after for TrustCor . It does not remove it from the cache.
Signed-off-by: Sam James <firstname.lastname@example.org>
app-misc/ca-certificates/Manifest | 1 +
.../ca-certificates-20211016.3.86.ebuild | 203 +++++++++++++++++++++
2 files changed, 204 insertions(+)
Anything necessitating holding off stabilization here?