From: Gary Thomas <gary@mlbassoc.com>
To: Christopher Larson <clarson@kergoth.com>
Cc: Yocto Project <yocto@yoctoproject.org>
Subject: Re: Missing certificates
Date: Fri, 24 Jul 2015 14:17:14 -0600 [thread overview]
Message-ID: <55B29D4A.8090301@mlbassoc.com> (raw)
In-Reply-To: <CABcZANn0aLo8Pzxrn0G=5BkeHk=BFvf1QyTKiUY2G5YUzEVv-A@mail.gmail.com>
On 2015-07-24 14:09, Christopher Larson wrote:
>
> On Fri, Jul 24, 2015 at 12:49 PM, Gary Thomas <gary@mlbassoc.com <mailto:gary@mlbassoc.com>> wrote:
>
> On 2015-07-24 13:30, Aníbal Limón wrote:
>
> Hi Gary,
>
> What version of python do you use?.
>
> Since 2.7.9 cert checking is enabled by default causing this kind of errors. [1]
>
> [1] https://www.python.org/dev/peps/pep-0476/
>
> Kind regards,
> alimon
>
>
> I'm using the stock python 2.7.9 from Poky/Yocto master:901be2cb69892595443ed41ab4be285932db15eb
>
> Is there an answer for this that's a bit less intrusive?
> Perhaps there could be a DISTRO or even IMAGE feature to
> enable/disable this checking?
>
> The pep you referenced mostly talks about why this was changed
> and how to disable it - manually within the python code itself.
> What I don't see is where/how/what to change/import to actually
> let the full certificate checking happen.
>
>
> I think the better bet is to fix it so it actually finds the certs from ca-certificates rather than bypassing certificate checking, personally, but I can see how that would be a
> useful workaround. :)
I tried this same code on my Ubuntu 15.04 desktop and it looks
like they've disabled it in the main python http[s] code - there
were no certificates examined during the transaction as far as
I could tell (strace is my friend)
I'll see if I can figure out how to stitch this together with our
[Poky/Yocto/OE-core] setup for OpenSSL and ca-certificates.
--
------------------------------------------------------------
Gary Thomas | Consulting for the
MLB Associates | Embedded world
------------------------------------------------------------
next prev parent reply other threads:[~2015-07-24 20:17 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-24 18:02 Missing certificates Gary Thomas
2015-07-24 19:30 ` Aníbal Limón
2015-07-24 19:49 ` Gary Thomas
2015-07-24 20:02 ` Aníbal Limón
2015-07-24 20:09 ` Christopher Larson
2015-07-24 20:17 ` Gary Thomas [this message]
2015-07-24 19:37 ` Christopher Larson
2015-07-27 14:05 ` Gary Thomas
-- strict thread matches above, loose matches on Subject: below --
2015-09-03 15:27 missing certificates Edward Vidal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55B29D4A.8090301@mlbassoc.com \
--to=gary@mlbassoc.com \
--cc=clarson@kergoth.com \
--cc=yocto@yoctoproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.