Check browserid.org verifier's SSL certificate
Bug #864464 reported by
François Marier
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Libravatar (obsolete) |
Fix Released
|
High
|
François Marier |
Bug Description
urllib2 doesn't check that the server SSL certificate is valid when connecting to an HTTPS host.
Instead, we should use HttpLib2:
https:/
Unfortunately the Squeeze version of python-httplib2 is too old and doesn't support the cacerts parameter :(
Changed in libravatar: | |
status: | Triaged → In Progress |
Changed in libravatar: | |
status: | In Progress → Fix Committed |
Changed in libravatar: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
This will be unnecessary once bug 859354 is fixed.