Comment 8 for bug 245634

James Westby (james-w) wrote : Re: [Bug 245634] Re: traceback trying to lp-login on Fedora 9

On Sat, 2008-07-05 at 04:28 +0000, Gene Czarcinski wrote:
> The more I look, the uglier this gets.
>
> 1. To me, it appears that bzr's interface for verifying a cert is to use
> pycurl and this was true in bzr-1.3.1. Maybe, the presence/absence of
> pycurl is bzr's "switch" to tell it whether you want cert verification
> or not .. I can't find any documentation that says anything about this.
>

As vila explained this is more of an implementation detail, as there are
two implementations, one that checks CA certificates, but doesn't have
a nice interface to control that, and the other that doesn't check them
at all yet.

> 2. If certs are always to be verified, then bzr should complain when
> pycurl is not installed and this would be a bzr bug.
>

I believe vila's plan is to make urllib verify them, but provide a
way to allow unverified certificates.

> 4. One of the comments above says that, on debian, just install the ca-
> certificates package. Well, from what I can see, debian and Fedora put
> the CA certificates in very different locations:
>
> For debian: /usr/share/ca-certificates/ with separate files for each certificate
> For Fedora: /etc/pki/tls/certs/ca-bundle.crt as a single file.
>

Debian actually symlinks those certificates into /etc/ssl/certs/ at
install time, so it's more complicated than that. The reason for this
is that the admin can control what is accepted and what isn't by
controlling those symlinks.

> Well, the claim is that debian works. I suppose that I could install
> debian and test this but that seems like a lot of work for me. Does
> anyone claim to have first-hand experience that bzr lp-login xxx works
> on debian with pycurl installed?

Yes, I know this works.

Thanks,

James
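
As an added illustration of the point discussed in this comment (not part of the thread and not bzr's code): a Python client can probe the two trust-store layouts named above and refuse to connect when neither is present, rather than silently skipping verification. The function names, the search order and the `root` parameter (used only so the probe can be exercised against a constructed directory tree) are assumptions of this example.

```python
import os
import ssl

# Trust-store locations mentioned in the thread. Treating them as an
# ordered search list is an assumption of this example.
CANDIDATES = [
    # Debian: directory of admin-controlled symlinks (OpenSSL hashed names).
    ("capath", "/etc/ssl/certs"),
    # Fedora: one concatenated PEM bundle.
    ("cafile", "/etc/pki/tls/certs/ca-bundle.crt"),
]


def find_trust_store(candidates=CANDIDATES, root="/"):
    """Return (kind, path) for the first usable trust store, or None."""
    for kind, path in candidates:
        full = os.path.join(root, path.lstrip("/"))
        if kind == "capath" and os.path.isdir(full) and os.listdir(full):
            return kind, full
        if kind == "cafile" and os.path.isfile(full) and os.path.getsize(full) > 0:
            return kind, full
    return None


def verifying_context(store):
    """Build a client context that always verifies chain and hostname.

    Fails closed: a missing trust store is an error, not a reason to
    fall back to an unverified connection.
    """
    if store is None:
        raise RuntimeError("no CA trust store found; refusing to connect unverified")
    kind, path = store
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and check_hostname by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(**{kind: path})
    return ctx


if __name__ == "__main__":
    store = find_trust_store()
    print("trust store:", store)
    ctx = verifying_context(store)
    print("verify_mode:", ctx.verify_mode, "check_hostname:", ctx.check_hostname)
```
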