[Catalog-sig] HTTPS now promoted on PyPI
Donald Stufft
donald.stufft at gmail.com
Tue Feb 19 14:10:28 CET 2013
On Tuesday, February 19, 2013 at 8:02 AM, Vinay Sajip wrote:
> Nice, but does this also apply to the XML-RPC interface? My distlib tests
> started failing when I changed the URL to https with a "Network unreachable"
> error. Changed back to http and the tests work again, but the XML-RPC calls
> return http URLs for package downloads.
>
>
301/302 Redirects when sending a POST are typically interpreted as "fetch
this Location using GET". This is incompatible with xmlrpc. There is a 307
redirect which is used to explicitly say "resubmit your POST to Location"
but the stdlib doesn't recognize it. Because of this the HTTP -> HTTPS redirect
only happens for GET and HEAD.
If XMLRPC is broken for https://pypi.python.org/pypi that will need to be sorted.
However XML-RPC seems to work fine for me via SSL:
>>> import xmlrpclib
>>> s = xmlrpclib.Server("https://pypi.python.org/pypi")
>>> s.release_urls("requests", "0.14.0")
[{'has_sig': False, 'upload_time': <DateTime '20120902T08:50:39' at 1029e0680>, 'comment_text': '', 'python_version': 'source', 'url': 'https://pypi.python.org/packages/source/r/requests/requests-0.14.0.tar.gz', 'md5_digest': 'a809c747e4f09b92147721ebc3e23dd6', 'downloads': 111578, 'filename': 'requests-0.14.0.tar.gz', 'packagetype': 'sdist', 'size': 523133}]
Obviously the SSL isn't verified though.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20130219/8f6d35e0/attachment.html>
More information about the Catalog-SIG
mailing list