Description of problem: Python3 httplib2 does not use the system certs. httplib2 for python2 was patched to use the system certs (bug 804879), however a different file needs to be patched to use the system certs for the python3 build. Version-Release number of selected component (if applicable): All. I've checked the latest build (http://koji.fedoraproject.org/koji/packageinfo?packageID=5512), and it only patches python2/httplib2/__init__.py, not python3/httplib2/__init__.py How reproducible: Always on FC20, and probably all previous and development versions which included python3 rpms. Steps to Reproduce: 1. Install python3-httplib2 2. use it to connect to a https site, using the defaults - i.e. enabled cert verification. Actual results: Connection successful Expected results: Certificate verification error. Additional info: https://bugzilla.wikimedia.org/show_bug.cgi?id=72009
This was fixed in this commit: commit 4ec5e02d1c821e4687cb3dbbd2662d0398376cb1 Author: Adam Williamson <awilliam> Date: Mon Jan 12 18:04:41 2015 -0800 certfile.patch: use /etc/pki/tls not /etc/ssl/certs, patch py3
can't this fix be applied to Fedora 21 too?
Sure. Let me push the latest out to 22/21.
python-httplib2-0.9.1-1.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/python-httplib2-0.9.1-1.fc22
python-httplib2-0.9.1-1.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/python-httplib2-0.9.1-1.fc21
Package python-httplib2-0.9.1-1.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing python-httplib2-0.9.1-1.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-7280/python-httplib2-0.9.1-1.fc21 then log in and leave karma (feedback).
python-httplib2-0.9.1-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.