On 05.05.2013 00:28, PJ Eby wrote:
On Thu, May 2, 2013 at 1:41 PM, M.-A. Lemburg <mal@egenix.com> wrote:
On 25.04.2013 16:42, M.-A. Lemburg wrote:
The latest pip supports HTTPS URLs and certificate checks (according to the change log).
Will there be a release of distribute that implements the same changes ?
The current 0.6.36 still defaults to the HTTP PyPI address and doesn't do certificate checks.
FWIW, I've just checked in the first phase of my SSL implementation for setuptools, to the repository that Jason is doing merges from. The current implementation silently uses system-wide root certs from the Windows registry or from *nixes that have a well-known root bundle location. (But won't find anything on OS X by default). It also doesn't have any command-line options yet to explicitly select the certs used or to control SSL verification. But it does offer the ability to "easy_install setuptools[ssl]" to download verified copies of all the dependencies needed to get SSL support in earlier Pythons, including win32 binaries where applicable, without needing anything but the original setuptools distribution needing to have been downloaded manually via SSL.
There is still more that needs to be done besides command-line options, warnings, and docs; providing default root certs for OS X, for example. I've got a couple different ideas on that, from bundling the StartCom root cert that python.org uses, to creating a separate ca_bundle distribution that contains the files. There's another interesting gotcha with OS X certs, which is that the platform-provided openssl may check its built-in cert store in addition to what you give it explicitly, which could be a problem.
In short: providing practical, cross-platform, cross-wide-array-of-python-versions SSL support is *hard*. I'm not too surprised you haven't heard from anybody yet. ;-)
http://www.egenix.com/products/python/pyOpenSSL/ -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, May 05 2013)
Python Projects, Consulting and Support ... http://www.egenix.com/ mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/ mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
2013-04-30: Released eGenix PyRun 1.2.0 ... http://egenix.com/go44 ::::: Try our mxODBC.Connect Python Database Interface for free ! :::::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/