Rev 6474: Default to no ssl cert verification on osx and windows in file:///home/vila/src/bzr/bugs/929179-default-ssl-certs/

Vincent Ladeuil v.ladeuil+lp at free.fr
Wed Feb 15 10:24:07 UTC 2012 

At file:///home/vila/src/bzr/bugs/929179-default-ssl-certs/

------------------------------------------------------------
revno: 6474
revision-id: v.ladeuil+lp at free.fr-20120215102406-tdxm3ur2qb44vqea
parent: pqm at pqm.ubuntu.com-20120206075706-1zaxiu1kz3c4jf7t
fixes bug: https://launchpad.net/bugs/929179
committer: Vincent Ladeuil <v.ladeuil+lp at free.fr>
branch nick: 929179-default-ssl-certs
timestamp: Wed 2012-02-15 11:24:06 +0100
message:
  Default to no ssl cert verification on osx and windows
-------------- next part --------------
=== modified file 'bzrlib/transport/http/_urllib2_wrappers.py'
--- a/bzrlib/transport/http/_urllib2_wrappers.py	2012-01-31 17:00:22 +0000
+++ b/bzrlib/transport/http/_urllib2_wrappers.py	2012-02-15 10:24:06 +0000
@@ -86,7 +86,6 @@
     # XXX: Needs checking, can't trust the interweb ;) -- vila 2012-01-25
     u'/etc/openssl/certs/ca-certificates.crt', # Solaris
     ]
-
 def default_ca_certs():
     if sys.platform == 'win32':
         return os.path.join(os.path.dirname(sys.executable), u"ca_bundle.crt")
@@ -122,6 +121,13 @@
     except KeyError:
         raise ValueError("invalid value %s" % unicode_str)
 
+def default_ca_reqs():
+    if sys.platform in ('win32', 'darwin'):
+        # FIXME: Once we get a native access to root certificates there, this
+        # won't needed anymore. See http://pad.lv/920455 -- vila 2012-02-15
+        return u'none'
+    else:
+        return u'required'
 
 opt_ssl_ca_certs = config.Option('ssl.ca_certs',
         from_unicode=ca_certs_from_store,
@@ -137,7 +143,7 @@
 """)
 
 opt_ssl_cert_reqs = config.Option('ssl.cert_reqs',
-        default=u"required",
+        default=default_ca_reqs,
         from_unicode=cert_reqs_from_store,
         invalid='error',
         help="""\

=== modified file 'doc/en/release-notes/bzr-2.5.txt'
--- a/doc/en/release-notes/bzr-2.5.txt	2012-02-03 12:47:10 +0000
+++ b/doc/en/release-notes/bzr-2.5.txt	2012-02-15 10:24:06 +0000
@@ -33,6 +33,10 @@
 .. Fixes for situations where bzr would previously crash or give incorrect
    or undesirable results.
 
+* Disable ssl certificate verification on osx and windows until a native
+  access to the the root certificates is prodived there.
+  (Vincent Ladeuil, #929179)
+
 Documentation
 *************

More information about the bazaar-commits mailing list