Comment 12 for bug 82086

Revision history for this message
Vincent Ladeuil (vila) wrote :

We can but that will not really change the way to address it.

- pycurl *can* be parameterized to accept self-signed certificates but this is frowned upon unless there is a proper way to apply it selectively on a per host basis,
- urllib makes no certificate verification at all (which is worse) because we lack python support,
- there is no easy way to obtain python support *but* python2.6 will include it (the corresponding patch have landed some weeks ago),

Now, if someone feels like plugging some holes, they are welcome to assign the bug to themselves :)

But, python2.6 support means the bug can be cured in the long term. A backport to python2.5 *may* be possible (if not in the core, may be as a plugin). The guy who did the patch for python2.6 said that he may build a package for python2.3, once I see that, I'll look into using it for bzr.

In parallel I'm working on a solution to allow the user to specify certification handling on a per-host basis, once available, it will be possible to tune pycurl.

All in all, I don't forget that bug, it's just that I don't have an acceptable solution for it *right now*.