You know what, this bug isn't fixed. You clearly didn't test it. As per http://bugs.python.org/issue1589 you are vulnerable. Test it your self using the test I put above again... all that is different is that now don't follow the redirect to a http:// location from what i can see.
So your application is still vulnerable, as long as I have a certificate signed by ca in the ca store, I can MITM checkbox. Please test your patches before saying they fix things and EVEN better add a test to check it has been fixed. Please let me know if I am wrong :) ** Bug watch added: Python Roundup #1589 http://bugs.python.org/issue1589 -- checkbox fails to verify ssl validity in data exchange with launchpad.net https://bugs.launchpad.net/bugs/625076 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
