[bug?] launchpad and pycurl
Andrew Bennetts
andrew at canonical.com
Mon Jan 29 12:26:10 GMT 2007
Alexander Belchenko wrote:
[...]
> >
> > In your case, Launchpad's certificate is apparently signed by
> > http://www.starfieldtech.com/ (just looking at the details my web browser
> > reports when surfing https://launchpad.net/), so I'd guess the problem for you
> > is that the curl installation you're using doesn't include their CA cert. The
> > FAQ link above links to http://curl.haxx.se/docs/sslcerts.html, which suggests
> > ways to tell the curl library about more CA certs.
>
> The problem for me that I don't use curl library alone.
> I use pycurl extension for python. Right now it's in version
> libcurl/7.15.5 OpenSSL/0.9.8c zlib/1.2.3 c-ares/1.3.1
>
> So if something wrong with bundled certificates I completely doomed.
>
> I think bzr *should* provide the way to obtain missed certificates.
> Especially for Launchpad.net.
The CURLOPT_CAINFO option in libcurl looks like something bzr could set to
specify a certificate to use. (see
http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTCAINFO)
For the Launchpad case, it's probably better to make sure that the pycurl we
distribute in the installer already has the necessary CA cert in its default
bundle. I'm not sure what's involved in doing that, but it would seem to be the
best solution for this to work out-of-the-box for our Windows users. Perhaps we
should talk to pycurl upstream?
-Andrew.
More information about the bazaar
mailing list