Skip to content

Release 2.1.0#51

Merged
Ousret merged 9 commits into
mainfrom
release-2.1.0
May 10, 2026
Merged

Release 2.1.0#51
Ousret merged 9 commits into
mainfrom
release-2.1.0

Conversation

@Ousret

@Ousret Ousret commented May 10, 2026

Copy link
Copy Markdown
Member

2.1.0 (2026-05-10)

Added

  • set_cache_ttl top level function to set, in seconds, how long the CA bundle will be valid for until re-pooling from the OS.
  • Parameter hybrid_store boolean to force concatenate your OS CA bundle with the embedded CCADB bundle. E.g. wassima.generate_ca_bundle(hybrid_store=True).

Fixed

  • Very old Linux with a stale CA bundle will now automatically be extended with the CCADB embedded bundle. (3 years-not updated required)
  • The cache being too aggressive, never invalidating itself, thus need a proper restart or manual lru_cache invalidation.
    Now the CA bundle output will expire after 12 hours to let updates propagate correctly from the OS.
  • Ensured no duplicate CA appears in the final list.

Changed

  • CCADB embedded bundle is updated to latest version.

@Ousret Ousret requested a review from Copilot May 10, 2026 03:45
Copilot AI reviewed May 10, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Release 2.1.0 adds configurable cache invalidation and a hybrid trust-store mode (OS + embedded CCADB), along with stale trust-store detection on Linux/BSD and additional deduplication safeguards to prevent repeated roots in combined outputs.

Changes:

  • Introduce TTL-based caching for CA retrieval, plus set_cache_ttl() and DEFAULT_CACHE_TTL_SECONDS.
  • Add hybrid_store parameter across public entry points and implicitly enable it on Linux/BSD when the OS trust store appears stale.
  • Improve deduplication (Windows store overlap, Linux inode aliasing) and add unit tests + documentation/changelog updates.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
tests/test_unit.py Adds unit tests for deduplication, hybrid store behavior, TTL expiry, and concurrency behavior of the cache.
src/wassima/_version.py Bumps version to 2.1.0.
src/wassima/_os/_windows.py Deduplicates Windows roots across multiple system stores.
src/wassima/_os/_linux.py Tracks newest trust-store mtime, adds inode-based file dedup, and provides is_trust_store_stale().
src/wassima/init.py Implements TTL cache decorator, exposes cache TTL configuration, adds hybrid_store plumbing and stale-store fallback merge.
README.md Documents hybrid trust store usage and cache invalidation controls.
CHANGELOG.md Adds 2.1.0 release notes.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/wassima/__init__.py
Comment thread README.md Outdated
Comment thread CHANGELOG.md Outdated
Comment thread CHANGELOG.md Outdated
@Ousret Ousret merged commit 7bfae00 into main May 10, 2026
79 checks passed
@Ousret Ousret deleted the release-2.1.0 branch May 10, 2026 04:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Ousret