Date: Fri, 02 Jan 2015 18:10:11 +1100 From: Kubilay Kocak <koobs@FreeBSD.org> To: possnfiffer <possnfiffer@snowboard.com>, freebsd-python@freebsd.org Subject: Re: Python 2.7.9 looks for SSL certificates in /etc/ssl instead of /usr/local/etc/ssl Message-ID: <54A64453.8090709@FreeBSD.org> In-Reply-To: <1420104175270-5977422.post@n5.nabble.com> References: <CADPatTdEmWSQDDx-eZ8ba3Pa_a2phzGME8CbeTcvpSPvckB45Q@mail.gmail.com> <54A0E85A.4030404@FreeBSD.org> <1420081132262-5977381.post@n5.nabble.com> <54A4C188.5080702@freebsd.org> <1420104175270-5977422.post@n5.nabble.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 1/01/2015 8:22 PM, possnfiffer wrote: > I run FreeBSD 10.1-RELEASE x86_64. The last two updates for python2.7_2.2 I > saw were Dec 22nd and Oct 10 (I believe) the Dec update is where I started > having issues with my SABnzbdplus and SickBeard python scripts. > > I wrote the following in hopes that readers searching for a fix to https not > loading with your FreeBSD python scripts, like I was, will find the > following useful to get their systems in working order. > > Yo, > The latest version of python changed it's defaults and now it looks for CA > certificate in /etc/ssl/cert.pem > More precisely, Python uses OpenSSL's SSL_CTX_load_verify_locations function to find certificates. It does not maintain a list of locations internally. For FreeBSD's base OpenSSL, this is /etc/ssl/cert.pem For FreeBSD's Ports OpenSSL, this is /usr/local/openssl/cert.pem I have opened a new issue to address Python (and other software) using OpenSSL from Ports here that has more detail here: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196431 Please add your +1 to it. Seriously. If you want to see Python (and other software) using OpenSSL from Base fixed, add your +1 to it, seriously: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=189811 The latter issue proposed to make the ETCSYMLINK option a default, so people using ports with default options, and those using packages can FINALLY get SSL certificate verification out of the box. ./koobs
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54A64453.8090709>