Check browserid.org verifier's SSL certificate
Bug #864464 reported by
François Marier
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Libravatar (obsolete) |
Fix Released
|
High
|
François Marier | ||
Bug Description
urllib2 doesn't check that the server SSL certificate is valid when connecting to an HTTPS host.
Instead, we should use HttpLib2:
https:/
Unfortunately the Squeeze version of python-httplib2 is too old and doesn't support the cacerts parameter :(
Revision history for this message
| François Marier (fmarier) wrote | #1 |
Revision history for this message
| François Marier (fmarier) wrote | #2 |
Revision history for this message
| François Marier (fmarier) wrote | #3 |
| Changed in libravatar: | |
| assignee: | nobody → François Marier (fmarier) |
| Changed in libravatar: | |
| status: | Triaged → In Progress |
| Changed in libravatar: | |
| status: | In Progress → Fix Committed |
| Changed in libravatar: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
This will be unnecessary once bug 859354 is fixed.