[Bug 912903] New: python3-requests crashes with https
http://bugzilla.opensuse.org/show_bug.cgi?id=912903 Bug ID: 912903 Summary: python3-requests crashes with https Classification: openSUSE Product: openSUSE 13.1 Version: Final Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: jnweiger@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Reproduce ---------- python3
import requests # using python3-requests-2.4.1-17.3.noarch r = requests.get('https://owncloud.com') # produces a stack trace saying '[Errno 21] Is A Directory' multiple times, but does not mention the path name it tried.
Traceback (most recent call last): File "/usr/lib/python3.3/site-packages/requests/packages/urllib3/util/ssl_.py", line 114, in ssl_wrap_socket context.load_verify_locations(ca_certs) IsADirectoryError: [Errno 21] Is a directory .... Workaround ----------
verify='/etc/ssl/ca-bundle.pem' if not os.path.exists(verify): verify='/etc/ssl/certs/ca-certificates.crt' # seen in https://urllib3.readthedocs.org/en/latest/security.html if not os.path.exists(verify): verify=True # default, but fails on python3@openSUSE-13.1 with DEFAULT_CA_BUNDLE_PATH=/etc/ssl/cersts/
requests.get(url, verify=verify) <Response [200]>
# works fine. # Maybe DEFAULT_CA_BUNDLE_PATH should have been '/etc/ssl/ca-bundle.pem' instead? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=912903 http://bugzilla.opensuse.org/show_bug.cgi?id=912903#c7 Federico Mena Quintero <federico@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |federico@suse.com --- Comment #7 from Federico Mena Quintero <federico@suse.com> --- This is broken in the same way in openSUSE 13.2. Look at python3-requests.changes for the entry that has this: " - Add no-default-cacert-sles.patch: use this patch when building for SLES, since python in SLES and openSUSE behave differently when it comes to SSL, and no-default-cacert.patch is wrong for SLES. " I believe that's where the breakage happened. This got fixed later in Tumbleweed, see bug #967128. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=912903 http://bugzilla.opensuse.org/show_bug.cgi?id=912903#c8 Federico Mena Quintero <federico@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|jmatejek@suse.com |federico@suse.com --- Comment #8 from Federico Mena Quintero <federico@suse.com> --- Created attachment 675415 --> http://bugzilla.opensuse.org/attachment.cgi?id=675415&action=edit python3-requests-boo912903-default-cacert.patch This fixes the problem, and lets us remove the old no-default-cacert.patch, no-default-cacert-sles.patch from the package. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=912903 http://bugzilla.opensuse.org/show_bug.cgi?id=912903#c9 Federico Mena Quintero <federico@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CONFIRMED |RESOLVED Resolution|--- |FIXED --- Comment #9 from Federico Mena Quintero <federico@suse.com> --- Submitted to openSUSE:13:Update with request id 393500. I don't seem to be able to change the product in this bug to openSUSE 13.2 :( -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=912903 http://bugzilla.opensuse.org/show_bug.cgi?id=912903#c10 Christian Boltz <suse-beta@cboltz.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |suse-beta@cboltz.de --- Comment #10 from Christian Boltz <suse-beta@cboltz.de> --- (In reply to Federico Mena Quintero from comment #9)
I don't seem to be able to change the product in this bug to openSUSE 13.2 :(
You can do that - Product "openSUSE Distribution", Version "13.2" ;-) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=912903 http://bugzilla.opensuse.org/show_bug.cgi?id=912903#c17 Jan Matejek <jmatejek@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jmatejek@suse.com --- Comment #17 from Jan Matejek <jmatejek@suse.com> --- python2 requests work fine, as do the new singlespec versions in TW. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=912903 http://bugzilla.opensuse.org/show_bug.cgi?id=912903#c18 Jan Matejek <jmatejek@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mvanorder1390@gmail.com --- Comment #18 from Jan Matejek <jmatejek@suse.com> --- *** Bug 1007978 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=912903 http://bugzilla.opensuse.org/show_bug.cgi?id=912903#c19 Jan Matejek <jmatejek@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CONFIRMED |RESOLVED Resolution|--- |FIXED --- Comment #19 from Jan Matejek <jmatejek@suse.com> --- this is already fixed. There was a minor dependency bug (fixed in SR 516179), but in general this bug is fixed. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com