Hi,
In (typically corporate) environments, we sometimes find that all traffic is routed through a MITM HTTPS server that decrypts, inspects and re-encrypts all HTTPS traffic. This MITM inspector generates custom SSL certificates, and the self-signed Certificate Authority that signs those custom certificates is trusted on all company laptops. Typically it is installed in the OS trust store.
Conda offers the ssl_verify option, which may be true, false, or a string representing a path to a certificate file.
I submitted a pull request to conda (and it seems close to merge):
In that PR, conda adds support for ssl_verify: 'truststore', which tells conda to use the operating system trust store. On Windows and macOS it uses the native operating system APIs, and on Linux it uses the CA certificates set for OpenSSL. All of this happens through the truststore Python package, developed by the maintainer of the urllib3 and requests Python packages.
I just thought that since one of mamba's objectives is to be a drop-in replacement for conda, it should provide similar support.
You know mamba much better than I do. I took a quick look and I saw mamba uses the curl library for downloads. I don't know how the curl library that you use is built. If it is built to use the operating system certificate store (on Windows I believe it is called "sChannel"?) then the only thing you'd need to do is to treat ssl_verify: 'truststore' as ssl_verify: true.
Otherwise I'm afraid I don't know curl well enough to know what would need to be done.
I thought you would want to know so mamba doesn't lag behind in supporting the feature. If there is anything I can do to assist, please tell me.
Thanks for your time and work on mamba!
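The four kinds of ssl_verify value described in this issue (true, false, a certificate file path, and 'truststore'), mapped to Python TLS contexts as an added example; this is not code from conda, mamba or the issue author. The function name `build_ssl_context` is hypothetical, and the standard library's default context stands in for whatever CA bundle a tool uses for `true`.

```python
import os
import ssl


def build_ssl_context(ssl_verify):
    """Return an ssl.SSLContext for an ssl_verify-style setting (hypothetical helper)."""
    if ssl_verify is False:
        # Verification off: any certificate is accepted, so an interception
        # proxy and an attacker are indistinguishable to the client.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False  # must be cleared before CERT_NONE is allowed
        ctx.verify_mode = ssl.CERT_NONE
        return ctx

    if ssl_verify is True:
        # Default verification (assumption: stdlib defaults, not a specific bundle).
        return ssl.create_default_context()

    if ssl_verify == "truststore":
        # Delegate chain validation to the OS trust store, where the corporate
        # CA is installed. Needs the third-party 'truststore' package (Python 3.10+).
        try:
            import truststore
        except ImportError as exc:
            raise RuntimeError(
                "ssl_verify: truststore requires the 'truststore' package"
            ) from exc
        return truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)

    if isinstance(ssl_verify, str):
        # A path to a CA file: trust only the certificates in that file.
        if not os.path.isfile(ssl_verify):
            raise FileNotFoundError(f"CA file not found: {ssl_verify}")
        return ssl.create_default_context(cafile=ssl_verify)

    raise ValueError(f"unsupported ssl_verify value: {ssl_verify!r}")
```

Failing with an error when the truststore package or the CA file is missing keeps a misconfiguration from silently downgrading to an unverified connection.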