Sunday, 4 January 2015

What should I do about Python 2.7.9 not looking for SSL certificates in the right place on FreeBSD?


I have a FreeBSD 10.0 system, and a couple of days ago, I upgraded my python27 port from Python 2.7.8 to Python 2.7.9, which enabled SSL verification by default. Unsurprisingly, it broke my existing Python scripts that connected to servers with self-signed certificates. Surprisingly, it broke my scripts that connected to servers with valid SSL certificates.


I have /usr/local/etc/ssl/cert.pem (which is a symlink to /usr/local/share/certs/ca-root-nss.crt) but not /etc/ssl/cert.pem. My Python installation expects the latter:



>>> import ssl
>>> ssl.get_default_verify_paths()
DefaultVerifyPaths(cafile=None,
                   capath=None,
                   openssl_cafile_env='SSL_CERT_FILE',
                   openssl_cafile='/etc/ssl/cert.pem',
                   openssl_capath_env='SSL_CERT_DIR',
                   openssl_capath='/etc/ssl/certs')


I've worked around this by creating an appropriate symlink, but is there a better approach? Should this be necessary, or is this something that should have been addressed by the port itself?


(And I could set SSL_CERT_FILE in my environment too, but I'd rather not have to do that all the time.)
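
An added example, not part of the original post: one way for a script to detect the situation shown above (both `cafile` and `capath` reported as `None`) and fall back to an explicit CA bundle while keeping verification enabled. The candidate list, the `POST_PATHS` sample and the function names are assumptions made for this illustration.

```python
import os
import ssl

# Assumed fallback locations: the bundle path from the post, then the
# file its symlink points to.
CANDIDATES = (
    "/usr/local/etc/ssl/cert.pem",
    "/usr/local/share/certs/ca-root-nss.crt",
)

# Constructed sample: the DefaultVerifyPaths value shown in the post.
POST_PATHS = ssl.DefaultVerifyPaths(
    None, None,
    "SSL_CERT_FILE", "/etc/ssl/cert.pem",
    "SSL_CERT_DIR", "/etc/ssl/certs",
)


def pick_cafile(paths, candidates=CANDIDATES, exists=os.path.isfile):
    """Return an explicit CA bundle path, or None if the defaults are usable.

    paths.cafile and paths.capath are None when the compiled-in (or
    environment-supplied) location does not exist on disk.
    """
    if paths.cafile or paths.capath:
        return None
    for candidate in candidates:
        if exists(candidate):
            return candidate
    raise RuntimeError(
        "no CA bundle at %s or any of %r"
        % (paths.openssl_cafile, list(candidates))
    )


def make_context(paths=None, candidates=CANDIDATES, exists=os.path.isfile):
    """Build a verifying client context, falling back to a known bundle."""
    if paths is None:
        paths = ssl.get_default_verify_paths()
    cafile = pick_cafile(paths, candidates, exists)
    # cafile=None makes create_default_context() load the default store.
    # Certificate and hostname checks stay enabled in both cases.
    return ssl.create_default_context(cafile=cafile)
```

The returned context can be passed to calls that accept one, for example `urllib2.urlopen(url, context=make_context())` on Python 2.7.9.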


