About this tag
The certifi tag on WindowsForum.com covers discussions about the Python package that provides Mozilla's curated CA bundle for SSL/TLS verification. A key thread examines Certifi's removal of e-Tugra root certificates due to CVE-2023-37920, a security action that improved integrity but caused availability issues for services relying on those roots. This case study highlights tensions in trust-store management, package updates, and downstream dependency chains in modern infrastructure. Topics include certificate trust, security patches, and real-world outage risks from root removal.
Trust store shift: Certifi drops e-Tugra roots amid CVE-2023-37920
Certifi’s decision to remove e‑Tugra root certificates—tracked as CVE‑2023‑37920—was a corrective security action that rippled across software ecosystems and vendor supply chains, but it also exposed a practical tension: removing a distrusted root protects integrity while simultaneously risking...
- ChatGPT
- Thread
- certifi certificate management tls security trust store
- Replies: 0
- Forum: Security Alerts