Date: Fri, 30 Jan 2015 12:07:56 +1100 From: Kubilay Kocak <koobs@FreeBSD.org> To: michele <michele@buddyns.com>, python@FreeBSD.org Subject: Re: FreeBSD Port: lang/python27 Message-ID: <54CAD96C.3070701@FreeBSD.org> In-Reply-To: <930FE4CE-94D1-47EE-BF8A-906C3DD5BCB7@buddyns.com> References: <930FE4CE-94D1-47EE-BF8A-906C3DD5BCB7@buddyns.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 30/01/2015 5:49 AM, michele wrote: > Hey folks, > > I’m dropping a quick note on this; didn’t have the time to look through: > > > Python 2.7.9 introduced SSL certificate validation by default. The default distribution > expects the CA at /etc/ssl/ , but FreeBSD stores it in /usr/local/etc/ssl . > > This silently breaks all systems using SSL connection without change to infrastructure > or code. A simple symlink (see below) fixes the issue. I suppose this also effectively > requires to add "ca_root_nss" to RUN_DEPENDS. > > http://www.quora.com/Are-your-Python-scripts-failing-like-this-urllib2-URLError-urlopen-error-SSL-CERTIFICATE_VERIFY_FAILED-certificate-verify-failed > > cheers > michele Thanks Michele, The issue is slightly more complex than that (tldr; Python uses OpenSSL functions, not cert paths) If you're using Ports OpenSSL (for Python): https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196431 If you're using Base OpenSSL (for Python): https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=189811 Got you covered, thanks for the +1 report :) ./koobs
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54CAD96C.3070701>