nvda

b9ae4528 - Create a confirmation dialog to update root certificates when downloading add-ons (#18402)

Create a confirmation dialog to update root certificates when downloading add-ons (#18402) Related #15905 #18354 Summary of the issue: When trying to download an add-on from the add-on store in certain environments such as corporates, the download fails due to the machine not trusting the root certificate of the add-on source. This can be caused by two issues: 1. the `requests` library using `certifi` rather than the system root certificates 2. the system root certificates not trusting the add-on download source Additionally https://github.com/nvaccess/nvda/pull/18354 changed the NVDA update check to use requests rather than urllib, which would have introduced the issue with certifi to the update check instead of just the add-on store. Description of user facing changes: - Use system root certificates rather than certifi, preventing issues accessing the add-on store or update check in corporate environments - Add a dialog to give the user an option for trusting root certificates for add-on sources, such as github, if the system doesn't trust the download source Description of developer facing changes: None Description of development approach: - add `pip_system_certs` which overrides `certifi` to use system certs for `requests` - use our existing code to update system certs when downloading add-ons - ignore the patch when wrapping the socket for remote. This is due to an unexpected bug with the patch. This should be reconsidered when updating python, pip_system_certs, and remote to e2ee - Note: PROTOCOL_TLSv1_2 is deprecated. Fix up usage to match new python suggested code ### Testing strategy: - [x] Manual testing from users - [x] Smoke tested remote connection ### Known issues with pull request: None