Re: [Zope-dev] zc.ssl ca chain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/25/2013 11:22 AM, Senner, Talin wrote: Would someone that has access be able to update zc.ssl and release a new version: http://svn.zope.org/zc.ssl/trunk/src/zc/ssl/certs.pem with a new version of ca root certificates (something say from a latest linux release from /etc/ssl ). The current cert chain is over 5 years old. That package appears to have been maintained last by Zvezdan Petkovic. I have CC'ed his ZC address, although I am not certain he is still at ZC. Tres. - -- === Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software Excellence by Designhttp://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlECuQEACgkQ+gerLs4ltQ7x/gCeN2sIfcsi1CBLyEboxrejpB8L lq8AoM+/EBHSHeWidy43r3C1QYrc+yZr =UMfd -END PGP SIGNATURE- ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] zc.ssl ca chain
On Fri, Jan 25, 2013 at 11:22 AM, Senner, Talin sen...@wildcardcorp.com wrote: Would someone that has access be able to update zc.ssl and release a new version: http://svn.zope.org/zc.ssl/trunk/src/zc/ssl/certs.pem with a new version of ca root certificates (something say from a latest linux release from /etc/ssl ). The current cert chain is over 5 years old. I'll take care of this. Note that we (ZC) will likely move to requests and stop maintaining zc.ssl. Jim -- Jim Fulton http://www.linkedin.com/in/jimfulton Jerky is better than bacon! http://zo.pe/Kqm ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] zc.ssl ca chain
On Fri, Jan 25, 2013 at 12:00 PM, Jim Fulton j...@zope.com wrote: On Fri, Jan 25, 2013 at 11:22 AM, Senner, Talin sen...@wildcardcorp.com wrote: Would someone that has access be able to update zc.ssl and release a new version: http://svn.zope.org/zc.ssl/trunk/src/zc/ssl/certs.pem with a new version of ca root certificates (something say from a latest linux release from /etc/ssl ). The current cert chain is over 5 years old. The certificates in zc.ssl haven't changed. I'll take care of this. Note that we (ZC) will likely move to requests and stop maintaining zc.ssl. There's nothing to do at this point. If you want more root CAs, I suggest using requests, or forking zc.ssl and adding certs to your fork. Jim -- Jim Fulton http://www.linkedin.com/in/jimfulton Jerky is better than bacon! http://zo.pe/Kqm ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] zc.ssl ca chain
It's that the current certs.pem doesn't contain the updated chain for test.authorize.net/secure.authorize.net etc. Using the current will throw an ssl error. I've fixed my local instance of this using the local system certificate chain. For the future i'll let the developers know that zc.ssl is deprecated. Thanks again. Talin On Fri, Jan 25, 2013 at 11:16 AM, Jim Fulton j...@zope.com wrote: On Fri, Jan 25, 2013 at 12:00 PM, Jim Fulton j...@zope.com wrote: On Fri, Jan 25, 2013 at 11:22 AM, Senner, Talin sen...@wildcardcorp.com wrote: Would someone that has access be able to update zc.ssl and release a new version: http://svn.zope.org/zc.ssl/trunk/src/zc/ssl/certs.pem with a new version of ca root certificates (something say from a latest linux release from /etc/ssl ). The current cert chain is over 5 years old. The certificates in zc.ssl haven't changed. I'll take care of this. Note that we (ZC) will likely move to requests and stop maintaining zc.ssl. There's nothing to do at this point. If you want more root CAs, I suggest using requests, or forking zc.ssl and adding certs to your fork. Jim -- Jim Fulton http://www.linkedin.com/in/jimfulton Jerky is better than bacon! http://zo.pe/Kqm ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] zc.ssl ca chain
I am not able to reproduce using zc.ssl 1.2: import zc.ssl conn = zc.ssl.HTTPSConnection(test.authorize.net) conn.connect() conn.request(GET, /) conn.getresponse().status 200 conn = zc.ssl.HTTPSConnection(secure.authorize.net) conn.connect() conn.request(GET, /) conn.getresponse().status 200 Using zc.ssl's certs.pem file with the requests package works as well; maybe you're running into some other issue? On Jan 25, 2013, at 12:22 PM, Senner, Talin wrote: It's that the current certs.pem doesn't contain the updated chain for test.authorize.net/secure.authorize.net etc. Using the current will throw an ssl error. I've fixed my local instance of this using the local system certificate chain. For the future i'll let the developers know that zc.ssl is deprecated. Thanks again. Talin On Fri, Jan 25, 2013 at 11:16 AM, Jim Fulton j...@zope.com wrote: On Fri, Jan 25, 2013 at 12:00 PM, Jim Fulton j...@zope.com wrote: On Fri, Jan 25, 2013 at 11:22 AM, Senner, Talin sen...@wildcardcorp.com wrote: Would someone that has access be able to update zc.ssl and release a new version: http://svn.zope.org/zc.ssl/trunk/src/zc/ssl/certs.pem with a new version of ca root certificates (something say from a latest linux release from /etc/ssl ). The current cert chain is over 5 years old. The certificates in zc.ssl haven't changed. I'll take care of this. Note that we (ZC) will likely move to requests and stop maintaining zc.ssl. There's nothing to do at this point. If you want more root CAs, I suggest using requests, or forking zc.ssl and adding certs to your fork. Jim -- Jim Fulton http://www.linkedin.com/in/jimfulton Jerky is better than bacon! http://zo.pe/Kqm ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope ) ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
