[Python-Dev] Looking for volunteers to test Tulip on Windows

Guido van Rossum guido at python.org
Sat Oct 19 00:56:42 CEST 2013


Thanks! That's probably fine for now -- it means the standard library
doesn't know where the root certificates are. We had a huge discussion
about this over on python-tulip:
https://groups.google.com/forum/#!topic/python-tulip/c_lqdFjPEbE

TL;DR: The stdlib openssl wrapper ought to know where each platform stores
its root certificates and automatically use them, but it currently doesn't
always. Users who really don't care but still want to use SSL must create
an SSL context with verify_mode set to ssl.CERT_NONE (and live with the
risk, obviously). This stuff passes on OS X only because there's a system
openssl library that always uses the system root certificates.

If anyone can help fixing the ssl.py module (or the _ssl extension) so that
sslcontext.set_default_verify_paths() uses the system root certs on Windows
that would be a huge help. (I have tried this on an Ubuntu box too, and
there it actually works.)




On Fri, Oct 18, 2013 at 3:42 PM, Richard Oudkerk <shibturn at gmail.com> wrote:

> On 18/10/2013 10:37pm, Guido van Rossum wrote:
>
>> Good sleuthing! Does the attached patch fix it?
>>
>> (Off-topic: the code is pretty inconsistent about catching
>> BaseException. Maybe it shouldn't be caught at all?)
>>
>
> It fixes it in the sense of printing a sensible traceback;-)
>
> $ PYTHONPATH='c:/Repos/tulip' /c/Repos/cpython-33/PCbuild/python fetch3.py http://dropbox.com -v
> * Connecting to dropbox.com:80 using tcp
> * dropbox.com resolves to 108.160.165.62, 108.160.166.62, 199.47.216.179, 199.47.217.179
> * New connection ('108.160.165.62', 80, False)
> * Connected to ('108.160.165.62', 80)
> > GET / HTTP/1.1
> > Host: dropbox.com
> >
> < HTTP/1.1 301 Moved Permanently
> < Server: nginx
> < Date: Fri, 18 Oct 2013 22:40:13 GMT
> < Content-Type: text/html
> < Content-Length: 178
> < Connection: keep-alive
> < Location: https://dropbox.com/
> <
> redirect to https://dropbox.com/
> * Connecting to dropbox.com:443 using ssl
> * dropbox.com resolves to 108.160.165.62, 108.160.166.62, 199.47.216.179, 199.47.217.179
>
> Traceback (most recent call last):
>   File "fetch3.py", line 211, in <module>
>     main()
>   File "fetch3.py", line 206, in main
>     body = loop.run_until_complete(fetch(sys.argv[1], '-v' in sys.argv))
>   File "c:\Repos\tulip\asyncio\base_events.py", line 177, in run_until_complete
>     return future.result()
>   File "c:\Repos\tulip\asyncio\futures.py", line 221, in result
>     raise self._exception
>   File "c:\Repos\tulip\asyncio\tasks.py", line 257, in _step
>     result = coro.throw(exc)
>   File "fetch3.py", line 192, in fetch
>     yield from request.connect(pool)
>   File "fetch3.py", line 80, in connect
>     ssl=self.ssl)
>   File "fetch3.py", line 36, in open_connection
>     reader, writer = yield from open_connection(host, port, ssl=ssl)
>   File "c:\Repos\tulip\asyncio\streams.py", line 41, in open_connection
>     lambda: protocol, host, port, **kwds)
>   File "c:\Repos\tulip\asyncio\base_events.py", line 356, in create_connection
>     yield from waiter
>   File "c:\Repos\tulip\asyncio\futures.py", line 318, in __iter__
>     yield self  # This tells Task to wait for completion.
>   File "c:\Repos\tulip\asyncio\tasks.py", line 308, in _wakeup
>     value = future.result()
>   File "c:\Repos\tulip\asyncio\futures.py", line 221, in result
>     raise self._exception
>   File "c:\Repos\tulip\asyncio\selector_events.py", line 579, in _on_handshake
>     self._sock.do_handshake()
>   File "C:\Repos\cpython-33\lib\ssl.py", line 520, in do_handshake
>     self._sslobj.do_handshake()
> ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:553)
>
> --
> Richard
>



-- 
--Guido van Rossum (python.org/~guido)
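
The two kinds of SSL context discussed in the message above, side by side, with a check that reports when a context does not authenticate the server. This is an added example, not code from the original message or from Tulip. It assumes a Python newer than the 3.3 build in the thread (it relies on `ssl.PROTOCOL_TLS_CLIENT` and `SSLContext.load_default_certs()`), and the function names are hypothetical.

```python
import os
import ssl


def verifying_context(cafile=None):
    """Client context that requires a valid chain and a matching hostname."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + check_hostname
    if cafile is not None:
        ctx.load_verify_locations(cafile=cafile)   # explicit bundle supplied by caller
    else:
        ctx.load_default_certs()                   # platform roots, Windows store included
    return ctx


def unverified_context():
    """The CERT_NONE context the message mentions: encrypted but unauthenticated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def findings(ctx):
    """Return the reasons this context does not authenticate the server."""
    out = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        out.append("verify_mode is not CERT_REQUIRED: any certificate is accepted")
    if not ctx.check_hostname:
        out.append("check_hostname is off: certificate name is not matched")
    return out


def default_root_locations():
    """Where OpenSSL's defaults point, and whether each path exists on this host."""
    p = ssl.get_default_verify_paths()
    return {
        "cafile": (p.cafile, bool(p.cafile and os.path.isfile(p.cafile))),
        "capath": (p.capath, bool(p.capath and os.path.isdir(p.capath))),
    }


if __name__ == "__main__":
    for name, ctx in (("verifying", verifying_context()),
                      ("unverified", unverified_context())):
        # x509_ca counts only preloaded roots; capath directories load lazily.
        print(name, findings(ctx) or "ok",
              "preloaded CAs:", ctx.cert_store_stats()["x509_ca"])
    print(default_root_locations())
```

A `CERTIFICATE_VERIFY_FAILED` error like the one in the quoted traceback, combined with both entries of `default_root_locations()` reporting no existing path, points at a missing root store rather than at the server's certificate.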