Bug 1154641 - httplib2.CA_CERTS not patched on python 3
Summary: httplib2.CA_CERTS not patched on python 3
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: python-httplib2
Version: 20
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
Assignee: Andreas Bierfert
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-10-20 11:56 UTC by John Vandenberg
Modified: 2015-05-08 07:46 UTC (History)
4 users (show)

Fixed In Version: python-httplib2-0.9.1-1.fc22
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-05-08 07:46:11 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description John Vandenberg 2014-10-20 11:56:50 UTC
Description of problem:
Python3 httplib2 does not use the system certs.

httplib2 for python2 was patched to use the system certs (bug 804879), however a different file needs to be patched to use the system certs for the python3 build.

Version-Release number of selected component (if applicable):
All.
I've checked the latest build (http://koji.fedoraproject.org/koji/packageinfo?packageID=5512), and it only patches python2/httplib2/__init__.py, not python3/httplib2/__init__.py

How reproducible:
Always on FC20, and probably all previous and development versions which included python3 rpms.

Steps to Reproduce:
1. Install python3-httplib2
2. use it to connect to a https site, using the defaults - i.e. enabled cert verification.

Actual results:
Connection successful

Expected results:
Certificate verification error.

Additional info:
https://bugzilla.wikimedia.org/show_bug.cgi?id=72009

Comment 1 Kevin Fenzi 2015-04-03 19:17:00 UTC
This was fixed in this commit: 

commit 4ec5e02d1c821e4687cb3dbbd2662d0398376cb1
Author: Adam Williamson <awilliam>
Date:   Mon Jan 12 18:04:41 2015 -0800

    certfile.patch: use /etc/pki/tls not /etc/ssl/certs, patch py3

Comment 2 Johnny Robeson 2015-04-24 09:16:26 UTC
can't this fix be applied to Fedora 21 too?

Comment 3 Kevin Fenzi 2015-04-29 23:17:08 UTC
Sure. Let me push the latest out to 22/21.

Comment 4 Fedora Update System 2015-04-29 23:35:04 UTC
python-httplib2-0.9.1-1.fc22 has been submitted as an update for Fedora 22.
https://admin.fedoraproject.org/updates/python-httplib2-0.9.1-1.fc22

Comment 5 Fedora Update System 2015-04-29 23:35:30 UTC
python-httplib2-0.9.1-1.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/python-httplib2-0.9.1-1.fc21

Comment 6 Fedora Update System 2015-05-01 16:36:38 UTC
Package python-httplib2-0.9.1-1.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing python-httplib2-0.9.1-1.fc21'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-7280/python-httplib2-0.9.1-1.fc21
then log in and leave karma (feedback).

Comment 7 Fedora Update System 2015-05-08 07:46:11 UTC
python-httplib2-0.9.1-1.fc22 has been pushed to the Fedora 22 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.