Comment 7 for bug 245634

Vincent Ladeuil (vila) wrote :

The actual state is rather messy. bzr has two http client implementations: one is pycurl-based, the other urllib-based.

pycurl can verify certificates if the underlying libcurl can find the CA certificates.
urllib can't, so far, and just implements the encrypting of the session.

This is actually being worked on but at a slow pace.

As you found out there are roughly three parts involved:
- the http implementation support (pycurl or urllib),
- the ssl library,
- the CA certificates

Depending on the distro you use, the ssl library knows about the CA certificates *or not*.

On Windows the situation was even worse as there is no package at all for the CA certificates :)

But that may help you use the following work-around:
- for the pycurl implementation you can specify a CA bundle with the CURL_CA_BUNDLE environment variable.

Finally, today, you can use https with either urllib or pycurl and get an encrypted session.

Some people don't care about certificate verification so using urllib is fine.
For those who prefer to verify certificates, pycurl is the way to go, but in that case pycurl (or more generally the underlying libcurl and even sometimes the underlying ssl lib) should be configured with valid CA certificates.

For distributions where CA certificates are directly available, but pycurl is not configured to use them transparently, the work-around above is the way to go.

All the above problems have to be addressed in the future bzr urllib implementation for which progress can be watched at lp:~/vila/bzr/https
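
The following is an added example, not part of the comment above and not bzr code. It uses Python's standard `ssl` module to contrast an encrypt-only session with a verifying one, and resolves the CA bundle from `CURL_CA_BUNDLE` before falling back to distro locations. The function names and the candidate path list are assumptions made for illustration.

```python
import os
import ssl

# Common distro locations for a PEM CA bundle (assumed list, not exhaustive).
CANDIDATE_BUNDLES = [
    "/etc/ssl/certs/ca-certificates.crt",  # Debian, Ubuntu
    "/etc/pki/tls/certs/ca-bundle.crt",    # Fedora, RHEL
    "/etc/ssl/ca-bundle.pem",              # openSUSE
    "/etc/ssl/cert.pem",                   # BSDs, Alpine
]


def find_ca_bundle(environ=os.environ, candidates=CANDIDATE_BUNDLES):
    """Return (path, source) for the CA bundle to use, or (None, reason)."""
    override = environ.get("CURL_CA_BUNDLE")
    if override:
        # A broken explicit override is reported, never silently replaced.
        if os.path.isfile(override):
            return override, "CURL_CA_BUNDLE"
        return None, "CURL_CA_BUNDLE points to a missing file"
    for path in candidates:
        if os.path.isfile(path):
            return path, "distro default"
    return None, "no CA bundle found"


def encrypt_only_context():
    """Encrypted session with no certificate check (peer is not authenticated)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be disabled before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verifying_context(cafile):
    """Encrypted session that checks the certificate chain and the hostname."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED by default
    ctx.load_verify_locations(cafile=cafile)
    return ctx


def describe(ctx):
    """Summarise what a context actually checks."""
    return {"verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
            "checks_hostname": ctx.check_hostname}


if __name__ == "__main__":
    path, source = find_ca_bundle()
    print("CA bundle:", path, "(%s)" % source)
    ctx = verifying_context(path) if path else encrypt_only_context()
    print(describe(ctx))
```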