A python script I use is failing to connect to a HTTPS site because
the certificate was changed and the corresponding CA root cert isn't
in the cert list shipped with py-httplib2. It works fine when the
system list of CA certs is used instead.
I think it's a good idea in general to make this use the system
list of CA certs instead of a custom list.
One fix would be to patch the code to read file from a different location.
That would require adding two patch files, one for the python2 code
and one for the python3 code.
A smaller fix is to symlink httplib2's cacert file to /etc/ssl/cert.pem,
which is what the diff below does. There's a warning during pkg_create
because of the symlink but the warning is bogus:
Warning: symlink(s) point to non-existent /usr/ports/pobj/py-httplib2-0.7.7/fake
-amd64/etc/ssl/cert.pem
/usr/ports/pobj/py-httplib2-0.7.7/fake-amd64/usr/local/lib/python2.7/sit
e-packages/httplib2/cacerts.txt
ok?
Index: Makefile
===================================================================
RCS file: /cvs/ports/www/py-httplib2/Makefile,v
retrieving revision 1.9
diff -u -p -r1.9 Makefile
--- Makefile 29 Dec 2012 18:28:49 -0000 1.9
+++ Makefile 22 Jan 2013 15:15:50 -0000
@@ -3,6 +3,7 @@
COMMENT = Python HTTP client library
MODPY_EGG_VERSION = 0.7.7
+REVISION = 0
DISTNAME = httplib2-${MODPY_EGG_VERSION}
PKGNAME = py-${DISTNAME}
@@ -31,6 +32,8 @@ post-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/${MODPY_PY_PREFIX}httplib2
${INSTALL_DATA} ${WRKSRC}/README \
${PREFIX}/share/doc/${MODPY_PY_PREFIX}httplib2
+ ln -sf ${BASESYSCONFDIR}/ssl/cert.pem \
+
${PREFIX}/lib/python${MODPY_VERSION}/site-packages/httplib2/cacerts.txt
do-regress:
${MODPY_BIN} ${WRKSRC}/python${MODPY_MAJOR_VERSION}/httplib2test.py
