Re: [Python-Dev] Python-3 transition in Arch Linux
On Thu, Nov 4, 2010 at 7:19 PM, Allan McRae al...@archlinux.org wrote: I also agree with the NO ARCH topic at the moment. I was fairly surprised so many people went to #python for help given we had made news posts and had a topic in our IRC channel pointing to how to start fixing issues. Allan I don't remember seeing any warning about it during the upgrade. That may have helped people (ones that read the warnings, at least) figure out what was going on. I think a warning from /usr/bin/python may have helped as well, but I do suppose might be a bit extreme. FWIW, I found those news posts and the Python wiki page pretty quickly after I realized my scripts weren't working anymore. -Devin ___ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Rework nntlib?
On Wed, Sep 15, 2010 at 11:37 AM, Jesse Noller jnol...@gmail.com wrote: You need people with the time and willingness to download, install and run production code on the releases. This might be getting off-topic, but maybe not as many people as you think. How many projects in pypi provide unittests? That's at least more tests to add to the ones already being run in the stdlib. -Devin ___ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Implementing File Modes
Hmm... can't you do this? if encryptionEnabled: p = subprocess.Popen([gpg, --decrypt, supersecret.html.gpg], stdin = subprocess.PIPE) fileobj = p.stdin else: fileobj = open(notsosecret.html) I think that works. Is there something this way won't work for? You can also do the same thing to get stdout and stderr file objects. I guess a wrapper would simplify this process. -Devin On Wed, Jul 29, 2009 at 7:41 PM, Eric Pruitteric.pru...@gmail.com wrote: My motivation came from an instance when I was using subprocess.Popen for a Linux / Windows cross platform program. In part of the program, I was writing and reading to a cron like object. On Windows, it was a text file and on Linux it would be the crontab executable. Had I been able to substitute the open() function with my wrapper, it would have been the only change I had to make for cross platform compatibility; instead of having to change numerous lines because Linux would need Popen and Windows would need a regular file open(), I could simply make it so that if the platform was Linux, my wrapper is used in place of that. Just another example would be having an external program decrypt a file that can be in plain text or encrypted that might go something like this: if encryptionEnabled: fileobj = subprocess.ProcessIOWrapper(gpg --decrypt supersecret.html.gpg) else: fileobj = open(notsosecret.html) ___ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] SSL Certificate Validation
Ok, thanks for all the feedback. Just for clarity, I'll summarize everything as I understand it: * OpenSSL does the all validation of the certificate itself. (http://openssl.org/docs/apps/verify.html) * httplib should have a way to enable validation of the certificate. * httplib should have a way to enable checking of the reference identity. (that complies with section 3 of this draft: http://tools.ietf.org/html/draft-saintandre-tls-server-id-check-00) * The reference identity checking (and cert validation, I assume) shouldn't be automatic. (per Bill) Does that sound about right? I'll try to work up a patch tonight implementing this. -Devin ___ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
[Python-Dev] SSL Certificate Validation
Hi all, I have a few questions about validating SSL certificates. From what I gather, this validation occurs in the OpenSSL code called from _ssl.c. Is this correct? Also, I have looked through the docs and code, but haven't been able to figure out exactly what is included in certificate validation. Is it just validating the chain? Does it check the NotBefore and NotAfter dates? Does it check that the host the socket is connected to is the same as what's given in the CN field in the certificate? Where I'm going with this is I think all this checking needs to be part of certificate validation in the ssl module. If it isn't yet, I'd be happy to work on a patch for it. Please let me know what you think. Thanks! -Devin Cook ___ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] SSL Certificate Validation
But I really do believe that this is what he need to do next: familiarize himself with OpenSSL. There is a lot of APIs in that library, and it takes a while (i.e.: several months) to get productive, in particular since OpenSSL doesn't have the most intuitive API. Well, I realized this as soon as I looked at the _ssl.c code... I was just hoping that someone would be able to give me a quick clarification on exactly what gets validated. If it's just the chain (which is what I suspect), I would like to submit a patch that does the rest of the validation (that a browser typically does: CN/hostname, NotBefore, NotAfter, etc.) in the ssl module. I was also hoping to find out what the consensus is about this: mainly, *should* that verification be done in the ssl module? Maybe this verification should somehow be done in OpenSSL, which would mean that I need to do a LOT more reading and go pester their mailing list instead. This is for issue 6273 ( http://bugs.python.org/issue6273 ). In your reply to that issue, it seemed to me like you were saying that these things were not getting checked in the ssl module (and, therefore, not in OpenSSL either): I find the patch incomplete, for formal and semantical reasons: a) it doesn't come with documentation or test suite changes, and b) it doesn't implement the typical certificate checks that browsers do, beyond validating that the certificate is valid - e.g. also validating that the certificate is issued to the host you are trying to connect to. I would like to do validation of server certificates in a project I'm working on, and I figured it would be better to be proactive and try to help create a patch than to just sit back and complain about it. It seems to me that this is a bug that you can't do peer certificate validation in httplib. If this isn't the place to ask these kinds of questions, I apologise. I can take the discussion elsewhere if I need to. Thanks, -Devin ___ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com