[Distutils] HTTPS and certificate check update for distribute ?

M.-A. Lemburg mal at egenix.com
Sun May 5 23:10:14 CEST 2013 

On 05.05.2013 00:28, PJ Eby wrote:
> On Thu, May 2, 2013 at 1:41 PM, M.-A. Lemburg <mal at egenix.com> wrote:
>> On 25.04.2013 16:42, M.-A. Lemburg wrote:
>>> The latest pip supports HTTPS URLs and certificate checks
>>> (according to the change log).
>>>
>>> Will there be a release of distribute that implements the
>>> same changes ?
>>>
>>> The current 0.6.36 still defaults to the HTTP PyPI address
>>> and doesn't do certificate checks.
> 
> FWIW, I've just checked in the first phase of my SSL implementation
> for setuptools, to the repository that Jason is doing merges from.
> The current implementation silently uses system-wide root certs from
> the Windows registry or from *nixes that have a well-known root bundle
> location.  (But won't find anything on OS X by default).  It also
> doesn't have any command-line options yet to explicitly select the
> certs used or to control SSL verification.  But it does offer the
> ability to "easy_install setuptools[ssl]" to download verified copies
> of all the dependencies needed to get SSL support in earlier Pythons,
> including win32 binaries where applicable, without needing anything
> but the original setuptools distribution needing to have been
> downloaded manually via SSL.
> 
> There is still more that needs to be done besides command-line
> options, warnings, and docs; providing default root certs for OS X,
> for example.  I've got a couple different ideas on that, from bundling
> the StartCom root cert that python.org uses, to creating a separate
> ca_bundle distribution that contains the files.   There's another
> interesting gotcha with OS X certs, which is that the
> platform-provided openssl may check its built-in cert store in
> addition to what you give it explicitly, which could be a problem.
> 
> In short: providing practical, cross-platform,
> cross-wide-array-of-python-versions SSL support is *hard*.  I'm not
> too surprised you haven't heard from anybody yet.  ;-)

http://www.egenix.com/products/python/pyOpenSSL/

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, May 05 2013)
>>> Python Projects, Consulting and Support ...   http://www.egenix.com/
>>> mxODBC.Zope/Plone.Database.Adapter ...       http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________
2013-04-30: Released eGenix PyRun 1.2.0 ...       http://egenix.com/go44

::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611
               http://www.egenix.com/company/contact/

More information about the Distutils-SIG mailing list