Ronald Oussoren added the comment:
This also affects 2.7, and the patch doesn't work there.
It does work when I add the call to os.putenv at module scope before (before
importing ssl), but I don't really like that.
It is probably necessary to do it like this though, the code that checks if
Antoine Pitrou added the comment:
Le mercredi 22 août 2012 à 11:57 +, Ronald Oussoren a écrit :
I've attached a 3th version of the patch that also works with 2.7
(that is, after manually applying the patch). I'm not too happy about
it though, the module now changes the environment of the
Ronald Oussoren added the comment:
There is no need to unconditionally skip the test. The cacert.org root
certificate is not present on most systems, I just happened to have imported it
into my keychain.
I've removed the cacert root from my keychain and test_ssl now passed without a
patch.
Antoine Pitrou added the comment:
The attached (crufty) patch sets the environment variable during
test_ssl.NetworkedTests and that also avoids the test failure. It might
be useful to add this functionality to the test case (but less crufty,
and with a comment that explains why this is
Ronald Oussoren added the comment:
Attached cleaner version of the test:
* use self.addCleanup instead of a tearDown method
* add comment that explains why the code is present
* setUp method is only active on OSX
--
Added file: http://bugs.python.org/file26948/issue15740-2.txt
Antoine Pitrou added the comment:
Attached cleaner version of the test:
* use self.addCleanup instead of a tearDown method
* add comment that explains why the code is present
* setUp method is only active on OSX
Looks good to me, thank you.
--
New submission from Ronald Oussoren:
On my laptop (running OSX 10.8, but I have noticed the same on earlier OSX
releases) test_ssl fails:
==
FAIL: test_connect (test.test_ssl.NetworkedTests)
Changes by Ronald Oussoren ronaldousso...@mac.com:
--
assignee: ronaldoussoren -
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue15740
___
___
Antoine Pitrou added the comment:
The failure seems to occur because the test assumes that the OpenSSL
library either won't load a CA list at all when ca_cert is not
specified, or that the default CA list doesn't contain the cacert.org one.
Well, OpenSSL should not implicitly load a CA list
Ned Deily added the comment:
As Ronald is aware, there is also the issue that Apple has deprecated use of
OpenSSL in OS X:
Although OpenSSL is commonly used in the open source community, OpenSSL does
not provide a stable API from version to version. For this reason, although OS
X provides
Ronald Oussoren added the comment:
What's rather annoying is that I cannot find OpenSSL on opensource.apple.com,
which means we cannot check if they use patches add functionality that our
users would like to have.
One such feature is likely keychain integration (that is, use the CA roots
Ronald Oussoren added the comment:
Antoine: Apple almost certainly has hacked their copy of OpenSSL, they do so
for other libraries (including python) as well.
Apple does not ship CAcerts root certificate, I've added it to the System
Keychain on my machine because I use a number of machines
Ronald Oussoren added the comment:
More interesingly are the download archives for OpenSSL098, which is the
openssl version that's used on newer OSX releases. Sadly enough the version
used on OSX 10.8 is not present there (that seems to be OpenSSL098-47, the
latest download is -35).
Download
13 matches
Mail list logo
