Question on corporate firewalls/proxies/custom certificates

In HTTP.jl and our TLS packages (OpenSSL.jl and MbedTLS.jl), there are various controls around certificate verification when doing HTTP requests. You can globally turn verification off, pass your own custom sslconfig, etc.

HTTP.jl also supports the traditional http_proxy environment variables when working through a proxy.

I have a scenario where I’m trying to help someone who seems to be in a corporate firewall of some kind where I can’t tell if there’s an explicit proxy or a globally routed proxy, but there does seem to be a need for a custom certificate. When I inspect Chrome on their laptop, it has a corporate-specific “Personal” certificate in their “certificate store”. But when using HTTP.jl, all requests are failing verification because we can’t locate a physical certificate file on the machine where we can set the CURL_CA_BUNDLE environment variable (doing so will have HTTP.jl create a custom SSL config using the custom certificate for verification).

I’m just wondering what other people have done here, or perhaps how Base Julia can handle something like this? Like, I know we use libgit and the Downloads.jl package uses libcurl underneath; I’m also familiar with the NetworkOptions.jl stdlib, but none of them seem to be doing anything particular or fancy with regard to automatically detecting the need or use of a custom certificate. My understanding is that we just need the physical certificate file and then set the env variable and everything should work, but I’m wondering if there are alternative solutions out there that people are aware of that I could also try.


-Jacob Quinn