On Tue, Mar 15, 2016 at 03:50:07PM +0100, Christoph Egger wrote:

> Seems to be dying on some SSL error, backtrace attached.
> 
> Christoph
> 
> /usr/lib/python3.4/http/client.py in __init__(self, host, port, key_file, cert_file, timeout, source_address, context, check_hostname)
>    1209                 check_hostname = will_verify
>    1210             elif check_hostname and not will_verify:
> -> 1211                 raise ValueError("check_hostname needs a SSL context with "
>    1212                                  "either CERT_OPTIONAL or CERT_REQUIRED")
>    1213             if key_file or cert_file:
> 
> ValueError: check_hostname needs a SSL context with either CERT_OPTIONAL or CERT_REQUIRED

httplib2 is quite buggy in SSL certificate validation.

This bug should ideally be fixed there, but the maintainer seems not very responsive
lately (there is a related bug open with no response:
https://github.com/jcgregorio/httplib2/issues/324).

To keep it short, with python 3.4.2 (jessie) httplib2 sends wrong parameters to
the underlying http.client, and there it breaks. With python 3.4.4 the default
validation policy changed so we have no problems on stretch (and no problems
with python 2.7 either).

I've prepared a patch, if Bastian wants to merge it, that conditionally
forces validation for python3 < 3.4.3.
https://github.com/venthur/python-debianbts/pull/27

With this patch I got tests passing on stretch with python 2.7, 3.4.4 and 3.5.1,
and on jessie with python 2.7 and 3.4.2.


 Gaetano
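
An added example, not part of the original message and not code from httplib2 or python-debianbts: the guard visible in the backtrace, rewritten as a stand-alone function so it can be run against a verifying and a non-verifying `ssl.SSLContext`. The function names are hypothetical, and which parameters httplib2 actually passed is not shown on this page; the failing combination below is only the one the guard itself rejects.

```python
import ssl


def resolve_check_hostname(context, check_hostname=None):
    """Stand-alone copy of the check at http/client.py lines 1209-1212 above."""
    will_verify = context.verify_mode != ssl.CERT_NONE
    if check_hostname is None:
        # Caller expressed no preference: follow the context's policy.
        check_hostname = will_verify
    elif check_hostname and not will_verify:
        # Hostname matching without certificate verification is meaningless,
        # so the combination is rejected instead of silently downgraded.
        raise ValueError("check_hostname needs a SSL context with "
                         "either CERT_OPTIONAL or CERT_REQUIRED")
    return check_hostname


def unverified_context():
    """Context that performs no certificate validation (verify_mode CERT_NONE)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verifying_context():
    """Context that forces validation: CERT_REQUIRED plus hostname matching."""
    return ssl.create_default_context()


def guard_outcome(context, check_hostname):
    """Return 'ok' or the ValueError text for one parameter combination."""
    try:
        resolve_check_hostname(context, check_hostname)
        return "ok"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    for name, ctx in (("unverified", unverified_context()),
                      ("verifying", verifying_context())):
        for flag in (None, True, False):
            print(name, flag, "->", guard_outcome(ctx, flag))
```

Only the unverified context combined with `check_hostname=True` reproduces the quoted `ValueError`; supplying a context that verifies certificates satisfies the guard without disabling hostname checks.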
