Fix root certificate issues for add-on store #18354
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull Request Overview
This pull request fixes root certificate issues for the add-on store by updating and centralizing certificate update logic. Key changes include:
- Introducing a new networking module (source/utils/networking.py) that implements generic functions for updating Windows root certificates and fetching URLs.
- Refactoring updateCheck.py to use the new certificate update function and removing deprecated legacy code.
- Updating addonStore/dataManager.py to utilize the new networking function for improved consistency.
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| source/utils/networking.py | New module to update Windows root certificates and handle URL fetches |
| source/updateCheck.py | Replaced legacy certificate update code with a call to the new function |
| source/addonStore/dataManager.py | Updated cache hash fetching to use the centralized networking logic |
Co-authored-by: Copilot <[email protected]>
seanbudd
added
the
conceptApproved
SaschaCowley
approved these changes
Jul 2, 2025
Co-authored-by: Sascha Cowley <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Link to issue number:
None
Summary of the issue:
If a device doesn't trust NV Access's TLS certificate, fetches to the add-on store fails.
When performing an update check, we update windows root certificates if our certificate is invalid or out of date.
Description of user facing changes:
Users without a trusted NV Access TLS certificate installed already should be able to access the add-on store
Description of developer facing changes:
Code related to updating root certificates is deprecated as it is not intended for the public
Description of development approach:
Made the code to update certificates more generic
Testing strategy:
requests.getin_fetchUrlAndUpdateRootCertificatesto send our bad certificate chain. e.g.result = requests.get(url, timeout=_FETCH_TIMEOUT_S, verify=r"C:\Users\sean\Downloads\nvaccess-org-chain.pem")Known issues with pull request:
none
Code Review Checklist:
@coderabbitai summary