Ubuntu
lazr.restfulclient package

lazr.restfulclient doesn't use system ca certificates

Bug #882034 reported by Marc Deslauriers on 2011-10-26

258

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	lazr.restfulclient (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

python-httplib2 0.7.0 and higher, used by lazr.restfulclient, performs server certificate validation by default, but uses an example cacert.txt containing root certs.

Applications that use python-httplib2 should specify usage of the system ca certs for validation (/etc/ssl/certs) which are well maintained and get security updates.

Jamie Strandboge (jdstrand) on 2011-12-13

Changed in lazr.restfulclient (Ubuntu):
status:	New → Confirmed

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2012-03-01:

This should be fixed now:

http://www.ubuntu.com/usn/usn-1375-1/

Changed in lazr.restfulclient (Ubuntu):
status:	Confirmed → Fix Released

Marc Deslauriers (mdeslaur) on 2012-03-01

visibility:

private → public

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulazr.restfulclient package

lazr.restfulclient doesn't use system ca certificates

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
lazr.restfulclient package