Comment 5 for bug 245634

Gene Czarcinski (gene-czarc) wrote :

The more I look, the uglier this gets.

1. To me, it appears that bzr's interface for verifying a cert is to use pycurl and this was true in bzr-1.3.1. Maybe the presence/absence of pycurl is bzr's "switch" to tell it whether you want cert verification or not ... I can't find any documentation that says anything about this.

2. If certs are always to be verified, then bzr should complain when pycurl is not installed and this would be a bzr bug.

Note: It does not help that I know very little about python and going through python code or C code for python is somewhat difficult.

So, just what is doing the CA verification and issuing the error message?

3. It is not pycurl! I loaded up the pycurl source and found a small program which can be used to invoke it ...
  ./python/curl/__init__.py
Running this with https://launchpad.net I get the same error:
pycurl.error: (60, 'Peer certificate cannot be authenticated ...

This also says that the problem is not bzr.

4. One of the comments above says that, on debian, just install the ca-certificates package. Well, from what I can see, debian and Fedora put the CA certificates in very different locations:

For debian: /usr/share/ca-certificates/ with separate files for each certificate
For Fedora: /etc/pki/tls/certs/ca-bundle.crt as a single file.

Well, the claim is that debian works. I suppose that I could install debian and test this but that seems like a lot of work for me. Does anyone claim to have first-hand experience that bzr lp-login xxx works on debian with pycurl installed?

Does anyone have any "proof" that certificate authentication works under Fedora?

To me, this looks like this is "below" pycurl. It may be in python's urllib or even below that (openssl?). I am trying to find out where that bloody message is being issued from ... so far, no luck.
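
Added example, not part of the comment above and not bzr or pycurl code: a small diagnostic that surveys the two CA store locations the comment names and counts the PEM certificates in each, so a missing or empty trust store can be ruled in or out as the source of a verification error. The function names `count_pem_certs` and `survey` are hypothetical.

```python
import os
import ssl

# Locations named in the comment above (Debian directory, Fedora bundle file).
CANDIDATES = [
    "/usr/share/ca-certificates",
    "/etc/pki/tls/certs/ca-bundle.crt",
]

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"


def count_pem_certs(path):
    """Count PEM certificate blocks in a bundle file, or across a directory tree."""
    if os.path.isdir(path):
        total = 0
        for root, _dirs, files in os.walk(path):
            for name in files:
                total += count_pem_certs(os.path.join(root, name))
        return total
    try:
        with open(path, "r", errors="replace") as fh:
            return sum(1 for line in fh if line.strip() == PEM_BEGIN)
    except OSError:
        # Unreadable file or dangling symlink: contributes no certificates.
        return 0


def survey(candidates=CANDIDATES):
    """Return {path: (kind, cert_count)} for each candidate CA store."""
    report = {}
    for path in candidates:
        if os.path.isdir(path):
            kind = "directory"
        elif os.path.isfile(path):
            kind = "bundle"
        else:
            kind = "missing"
        report[path] = (kind, count_pem_certs(path) if kind != "missing" else 0)
    return report


if __name__ == "__main__":
    # Defaults of the OpenSSL linked into Python itself.
    print(ssl.get_default_verify_paths())
    for path, (kind, n) in survey().items():
        print(f"{path}: {kind}, {n} certificate(s)")
```

`ssl.get_default_verify_paths()` reports the defaults of the OpenSSL that Python is linked against; libcurl has its own compiled-in CA location, which may differ and can be overridden per handle with `pycurl.CAINFO`.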