From: Kubilay Kocak
Reply-To: koobs@FreeBSD.org
Date: Fri, 30 Jan 2015 12:07:56 +1100
To: michele, python@FreeBSD.org
Subject: Re: FreeBSD Port: lang/python27

On 30/01/2015 5:49 AM, michele wrote:
> Hey folks,
>
> I’m dropping a quick note on this; didn’t have the time to look through:
>
>
> Python 2.7.9 introduced SSL certificate validation by default. The default distribution
> expects the CA at /etc/ssl/ , but FreeBSD stores it in /usr/local/etc/ssl .
>
> This silently breaks all systems using SSL connection without change to infrastructure
> or code. A simple symlink (see below) fixes the issue. I suppose this also effectively
> requires to add "ca_root_nss" to RUN_DEPENDS.
>
> http://www.quora.com/Are-your-Python-scripts-failing-like-this-urllib2-URLError-urlopen-error-SSL-CERTIFICATE_VERIFY_FAILED-certificate-verify-failed
>
> cheers
> michele

Thanks Michele,

The issue is slightly more complex than that (tldr; Python uses OpenSSL
functions, not cert paths)

If you're using Ports OpenSSL (for Python):

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196431

If you're using Base OpenSSL (for Python):

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=189811

Got you covered, thanks for the +1 report :)

./koobs
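
Added example (not part of the original message, nor code from the FreeBSD port): a diagnostic for the point made in the reply, that Python asks the OpenSSL library it is linked against where the CA store is. It uses the standard-library `ssl.get_default_verify_paths()`; the function names `ca_lookup_report`, `verdict` and `loaded_ca_count` are hypothetical.

```python
import os
import ssl


def ca_lookup_report():
    """Where does the OpenSSL linked into this Python look for trusted CAs?"""
    p = ssl.get_default_verify_paths()
    capath_entries = len(os.listdir(p.capath)) if p.capath else 0
    return {
        "openssl": ssl.OPENSSL_VERSION,
        # Defaults compiled into the OpenSSL library, not chosen by Python.
        "compiled_cafile": p.openssl_cafile,
        "compiled_capath": p.openssl_capath,
        # Environment variables that override the compiled-in defaults.
        "env": {n: os.environ.get(n)
                for n in (p.openssl_cafile_env, p.openssl_capath_env)},
        # None here means the file or directory does not exist on disk.
        "effective_cafile": p.cafile,
        "effective_capath": p.capath,
        "capath_entries": capath_entries,
    }


def verdict(report):
    """Classify a report: is there any CA material for verification to use?"""
    if report["effective_cafile"] or report["capath_entries"] > 0:
        return "ok: CA store present where OpenSSL searches"
    return ("missing: no CA store at %s or %s"
            % (report["compiled_cafile"], report["compiled_capath"]))


def loaded_ca_count():
    """Number of CA certificates a default context has preloaded.

    Certificates in a CA directory are loaded lazily and are not counted.
    """
    return ssl.create_default_context().cert_store_stats()["x509_ca"]


if __name__ == "__main__":
    report = ca_lookup_report()
    for key in sorted(report):
        print("%-18s %s" % (key, report[key]))
    print(verdict(report))
    print("CA certs preloaded: %d" % loaded_ca_count())
```

Running it under both the Ports-linked and the Base-linked interpreter shows which compiled-in defaults each OpenSSL build reports.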