Xing Yang, A packaging of the complete 7.0.25 pywbem package is not possible as such. What I can propose is to retrofit the functionality that you are after, which is the verification of the CA Certificates. I believe that this is introduced by the following upstream commit :
http://sourceforge.net/p/pywbem/code/627/ fixed TOCTOU error when validating peer's certificate By TOCTOU it's meant time-of-check-time-of-use. Up to now, pywbem made two connections for one request (applies just to ssl). The first one made the verification (without the hostname check) and the second one was used for request. No verification was done for the latter, which could be abused. Peer's certificate is now validated when connecting over ssl. To prevent man-in-the-middle attack, verification of hostname is also added. Peer's hostname must match the commonName of its certificate. Or it must be contained in subjectAltName (list of aliases). M2Crypto package is used for that purpose. Thanks to it both security enhancements could be implemented quiete easily. Downside is a new dependency added to pywbem. Verification can be skipped if no_verification is set to False. Certificate trust store can now be specified by user. Some default paths, valid for several distributions, were added. This modification is part of 7.0.25 This would allow you to gain access to ca_certs= and no_verification= parameter. Would that be acceptable to you ? Kind regards, ...Louis -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1385469 Title: pywbem library on Ubuntu doesn't support CA certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pywbem/+bug/1385469/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
