[Python-Dev] HTTPS repositories failing when using selfsigned certs
Jesus Cea
jcea at jcea.es
Wed Aug 1 05:58:06 CEST 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
My mercurial clone is <https://hg.jcea.es/cpython-2011/>, and today I
can't create a patch from it (in the bug tracker). No explanation in
the web interface, but checking the sourcecode of the resulting page,
I see a SSL certificate failure.
So, looks like bugs.python.org is now verifying repository certificates.
My certificate is selfsigned and, moreover, it is behind a SNI server,
so the certificate python.org is getting is a selfsigned "jcea.es"
certificate.
What can I do, beside buying a "real" cert?.
Do we have a certificate whitelist, like mercurial?. In my .hgrc, I use
"""
[hostfingerprints]
# En realidad es www.jcea.es. hg.jcea.es esta tras SNI
hg.jcea.es = 54:7e:a7:36:56:c6:80:41:f8:fd:d6:c0:95:44:68:a9:93:58:ca:4c
"""
PS: If I try to use the http version of my repository
(<http://hg.jcea.es/cpython-2011>), I get an error: "('invalid token',
97)".
- --
Jesus Cea Avion _/_/ _/_/_/ _/_/_/
jcea at jcea.es - http://www.jcea.es/ _/_/ _/_/ _/_/ _/_/ _/_/
jabber / xmpp:jcea at jabber.org _/_/ _/_/ _/_/_/_/_/
. _/_/ _/_/ _/_/ _/_/ _/_/
"Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/
"My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQCVAwUBUBipTplgi5GaxT1NAQKyjQP9F1rIKSlDIs8uHLrhIVmaOodRH3umYeyl
zhkiGm34+Cw6I22OQre3VoJ+9vrUF/Go/LpU+UpAH5adzgq4Xfef3Q8jRhclSZmU
ADvGpKhmlzDCahxsQoYXD7UHkc/BLkfNvx+q0wzfDUELbinLyITF4pp2/dLtoNtN
LFG9te1M55A=
=pgh1
-----END PGP SIGNATURE-----
More information about the Python-Dev
mailing list