[Distutils] HTTPS and certificate check update for distribute ?
M.-A. Lemburg
mal at egenix.com
Sun May 5 23:10:14 CEST 2013
On 05.05.2013 00:28, PJ Eby wrote:
> On Thu, May 2, 2013 at 1:41 PM, M.-A. Lemburg <mal at egenix.com> wrote:
>> On 25.04.2013 16:42, M.-A. Lemburg wrote:
>>> The latest pip supports HTTPS URLs and certificate checks
>>> (according to the change log).
>>>
>>> Will there be a release of distribute that implements the
>>> same changes ?
>>>
>>> The current 0.6.36 still defaults to the HTTP PyPI address
>>> and doesn't do certificate checks.
>
> FWIW, I've just checked in the first phase of my SSL implementation
> for setuptools, to the repository that Jason is doing merges from.
> The current implementation silently uses system-wide root certs from
> the Windows registry or from *nixes that have a well-known root bundle
> location. (But won't find anything on OS X by default). It also
> doesn't have any command-line options yet to explicitly select the
> certs used or to control SSL verification. But it does offer the
> ability to "easy_install setuptools[ssl]" to download verified copies
> of all the dependencies needed to get SSL support in earlier Pythons,
> including win32 binaries where applicable, without needing anything
> but the original setuptools distribution needing to have been
> downloaded manually via SSL.
>
> There is still more that needs to be done besides command-line
> options, warnings, and docs; providing default root certs for OS X,
> for example. I've got a couple different ideas on that, from bundling
> the StartCom root cert that python.org uses, to creating a separate
> ca_bundle distribution that contains the files. There's another
> interesting gotcha with OS X certs, which is that the
> platform-provided openssl may check its built-in cert store in
> addition to what you give it explicitly, which could be a problem.
>
> In short: providing practical, cross-platform,
> cross-wide-array-of-python-versions SSL support is *hard*. I'm not
> too surprised you haven't heard from anybody yet. ;-)
http://www.egenix.com/products/python/pyOpenSSL/
--
Marc-Andre Lemburg
eGenix.com
Professional Python Services directly from the Source (#1, May 05 2013)
>>> Python Projects, Consulting and Support ... http://www.egenix.com/
>>> mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
________________________________________________________________________
2013-04-30: Released eGenix PyRun 1.2.0 ... http://egenix.com/go44
::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::
eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
http://www.egenix.com/company/contact/
More information about the Distutils-SIG
mailing list