Rev 6474: (vila) Default to no ssl cert verification on osx and windows (Vincent in file:///srv/pqm.bazaar-vcs.org/archives/thelove/bzr/2.5/

Patch Queue Manager pqm at pqm.ubuntu.com
Thu Feb 16 08:57:57 UTC 2012 

At file:///srv/pqm.bazaar-vcs.org/archives/thelove/bzr/2.5/

------------------------------------------------------------
revno: 6474 [merge]
revision-id: pqm at pqm.ubuntu.com-20120216085757-uqko416ihb9h0url
parent: pqm at pqm.ubuntu.com-20120206075706-1zaxiu1kz3c4jf7t
parent: v.ladeuil+lp at free.fr-20120216082959-4gnqpmqg908fpcz3
committer: Patch Queue Manager <pqm at pqm.ubuntu.com>
branch nick: 2.5
timestamp: Thu 2012-02-16 08:57:57 +0000
message:
  (vila) Default to no ssl cert verification on osx and windows (Vincent
   Ladeuil)
modified:
  bzrlib/transport/http/_urllib2_wrappers.py _urllib2_wrappers.py-20060913231729-ha9ugi48ktx481ao-1
  doc/en/release-notes/bzr-2.5.txt bzr2.5.txt-20110708125756-587p0hpw7oke4h05-1
=== modified file 'bzrlib/transport/http/_urllib2_wrappers.py'
--- a/bzrlib/transport/http/_urllib2_wrappers.py	2012-01-31 17:00:22 +0000
+++ b/bzrlib/transport/http/_urllib2_wrappers.py	2012-02-15 10:24:06 +0000
@@ -86,7 +86,6 @@
     # XXX: Needs checking, can't trust the interweb ;) -- vila 2012-01-25
     u'/etc/openssl/certs/ca-certificates.crt', # Solaris
     ]
-
 def default_ca_certs():
     if sys.platform == 'win32':
         return os.path.join(os.path.dirname(sys.executable), u"ca_bundle.crt")
@@ -122,6 +121,13 @@
     except KeyError:
         raise ValueError("invalid value %s" % unicode_str)
 
+def default_ca_reqs():
+    if sys.platform in ('win32', 'darwin'):
+        # FIXME: Once we get a native access to root certificates there, this
+        # won't needed anymore. See http://pad.lv/920455 -- vila 2012-02-15
+        return u'none'
+    else:
+        return u'required'
 
 opt_ssl_ca_certs = config.Option('ssl.ca_certs',
         from_unicode=ca_certs_from_store,
@@ -137,7 +143,7 @@
 """)
 
 opt_ssl_cert_reqs = config.Option('ssl.cert_reqs',
-        default=u"required",
+        default=default_ca_reqs,
         from_unicode=cert_reqs_from_store,
         invalid='error',
         help="""\

=== modified file 'doc/en/release-notes/bzr-2.5.txt'
--- a/doc/en/release-notes/bzr-2.5.txt	2012-02-03 12:47:10 +0000
+++ b/doc/en/release-notes/bzr-2.5.txt	2012-02-16 08:29:59 +0000
@@ -33,6 +33,10 @@
 .. Fixes for situations where bzr would previously crash or give incorrect
    or undesirable results.
 
+* Disable ssl certificate verification on osx and windows until a native
+  access to the the root certificates is provided there.
+  (Vincent Ladeuil, #929179)
+
 Documentation
 *************

More information about the bazaar-commits mailing list