Mailinglist Archive: opensuse-bugs (3171 mails)
| < Previous | Next > |
[Bug 761501] python-requests should use system certificates, not certifi bundle.
- From: bugzilla_noreply@xxxxxxxxxx
- Date: Thu, 24 May 2012 14:16:30 +0000
- Message-id: <20120524141630.71C5FCC7D1@soval.provo.novell.com>
https://bugzilla.novell.com/show_bug.cgi?id=761501
https://bugzilla.novell.com/show_bug.cgi?id=761501#c24
--- Comment #24 from Jan Matejek <jmatejek@xxxxxxxx> 2012-05-24 14:16:29 UTC ---
(In reply to comment #23)
IOW, literally no packages are affected in any way by whether we load the
default cert store. Either they are insecure, and will continue to be
insecure,
or they are already supplying their own cert bundles.
Correct. We're trying to address the latter for a start.
Right, but we can't really do that in a way that helps upstreams too much. They
can't even do "try (suse_approach) except (other_approach)" because the
wrap_socket call doesn't fail, it only fails at connect.
What we could do is implement our own ssl.load_default_bundles, and then
upstreams could do
try: ssl.load_default_bundles()
except AttributeError: (do whatever you need to do outside SUSE)
This is still special-casing, but it is at least cleaner and other
distributions are more likely to pick our patch.
Yes we are. It's free software after all.
yeeaaah, and i'm sure all the developers in the world would love us just that
much more if we did change it :P
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
| < Previous | Next > |