[Bug 1175272] Re: requests permitted after invalid certificate is received

[Marc Deslauriers]

** Bug watch added: code.google.com/p/httplib2/issues #282
   http://code.google.com/p/httplib2/issues/detail?id=282

** Also affects: httplib2 via
   http://code.google.com/p/httplib2/issues/detail?id=282
   Importance: Unknown
       Status: Unknown

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python-httplib2 in Ubuntu.
https://bugs.launchpad.net/bugs/1175272

Title:
  requests permitted after invalid certificate is received

Status in httplib2:
  Unknown
Status in “python-httplib2” package in Ubuntu:
  New
Status in “python-httplib2” package in Debian:
  New

Bug description:
  After httplib2 has found a certificate to be invalid it will permit
  future requests on the same https connection. Future requests will be
  performed without validating the certificate.

  The attached program attempts two requests on a single https
  connection. One request receives a
  httplib2.CertificateHostnameMismatch exception, the other receives a
  HTTP 200 success code.

  An invalid certificate should be treated as a connection error, and
  future requests should attempt to establish a new https connection to
  the server.

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: python-httplib2 0.7.2-1ubuntu2
  ProcVersionSignature: Ubuntu 3.2.0-40.64-generic 3.2.40
  Uname: Linux 3.2.0-40-generic i686
  NonfreeKernelModules: nvidia
  ApportVersion: 2.0.1-0ubuntu17.2
  Architecture: i386
  Date: Wed May  1 19:48:16 2013
  EcryptfsInUse: Yes
  InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release i386 (20110427.1)
  MarkForUpload: True
  PackageArchitecture: all
  SourcePackage: python-httplib2
  UpgradeStatus: Upgraded to precise on 2012-05-08 (357 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/httplib2/+bug/1175272/+subscriptions