incubator-libcloud mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tomaž Muraus <to...@cloudkick.com>
Subject Re: [libcloud] SSL certs checking
Date Sat, 13 Nov 2010 04:01:10 GMT
Hello,

sorry for a late response, I have had a busy week.

I have made a few modification to your patch, namely if M2Crypto library is
not available, it uses a custom HTTPS connection module which verifies the
server certificate.

This means that SSL certificate verification can also be used if the
M2Crypto library is not available.

Note: It looks like if you try to install the M2Crypto library on Unix using
pip it fails, because it downloads the Windows package by default (it works
fine if you install it manually using setup.py or install a .deb package if
you are on Ubuntu / Debain).

Now someone from the commit team needs to look at the patch and merge it
into trunk.

Tomaž

On Sat, Nov 13, 2010 at 12:55 AM, Pietro Battiston <me@pietrobattiston.it>wrote:

> Il giorno ven, 12/11/2010 alle 17.54 -0500, Tom Davis ha scritto:
> > >
> > > As already said, I have never used libcloud and maybe should hence not
> > > care that much, but I still want you to notice that it will probably be
> > > removed from Debian if the bug is not fixed:
> > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463#30
> >
> >
> > If we're going to get kicked from repos for this, I think it's time to
> drop
> > the "dependencies are generically bad" thing and fix this issue. It
> doesn't
> > seem like we would even need to explicitly *require* M2Crypto
>
> The patch I proposed doesn't.
>
> Pietro
>
>
> >  (though, IMO,
> > we might as well since it's on pypi).
> >
> > On Fri, Nov 12, 2010 at 5:05 PM, Pietro Battiston <me@pietrobattiston.it
> >wrote:
> >
> > > Il giorno lun, 08/11/2010 alle 19.40 +0100, Pietro Battiston ha
> scritto:
> > > > Il giorno lun, 08/11/2010 alle 11.18 +0100, Tomaž Muraus ha scritto:
> > > > > Hello,
> > > > >
> > > > > A user has already created an issue on Jira about this[1] some time
> ago
> > > and
> > > > > because the root issue is in the Python module only a warning has
> been
> > > added
> > > > > to the README.
> > > > >
> > > > > I still personally think that the better solution would to fix the
> > > problem
> > > > > and subclass the HTTPSConnection class and manually check the
> hostname
> > > or
> > > > > switch to the M2Crypto library like you have suggested.
> > > > >
> > > > > Only problem with switching to the M2Crypto library is that it adds
> an
> > > extra
> > > > > dependency.
> > > >
> > > >
> > > > Sure. Hence, using M2Crypto if available and printing a warning
> > > > otherwise is to my eyes the optimum.
> > > >
> > > > That's what I'm doing in the attached patch (from "svn diff" on svn
> > > > trunk).
> > > >
> > > > Would you mind reviewing/testing it? Would you/some other developer
> > > > suggest if there are other places (a quick grep found none) in
> libcloud
> > > > where https connections are made?
> > > >
> > > > thanks a lot
> > > >
> > > > Pietro
> > >
> > >
> > > As already said, I have never used libcloud and maybe should hence not
> > > care that much, but I still want you to notice that it will probably be
> > > removed from Debian if the bug is not fixed:
> > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463#30
> > >
> > > bye
> > >
> > > Pietro
> > >
> > >
> > > >
> > > > >
> > > > > [1]: https://issues.apache.org/jira/browse/LIBCLOUD-55
> > > > >
> > > > > On Mon, Nov 8, 2010 at 11:00 AM, Pietro Battiston <
> > > me@pietrobattiston.it>wrote:
> > > > >
> > > > > > Hello,
> > > > > >
> > > > > > I' coping with bug
> > > > > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463
> > > > > > and it seems the only upstream reference to it is
> > > > > >
> > > > > >
> > >
> http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201009.mbox/%3C5860913.463891285776633273.JavaMail.jira@thor%3E
> > > > > >
> > > > > > Now, there is no doubt that it's indeed an annoying thing, and
> that
> > > many
> > > > > > other
> > > > > > projects just fixed it (waiting for python devs doing it). But
> I'm
> > > not
> > > > > > in search of a flame: I just would like to fix it (as a Debian
> patch,
> > > if
> > > > > > you are not interested).
> > > > > >
> > > > > > In a project of mine, the analogous fix took very few lines
of
> code:
> > > > > >
> > > > > >
> > > > > >
> > >
> http://code.google.com/p/galleryremote/source/diff?spec=svn6&r=6&format=side&path=/trunk/galleryremote/gallery.py
> > > > > >
> > > > > > and I would be happy to try to do the same on libcloud, though
I
> > > > > > perfectly know it will be slightly harder.
> > > > > >
> > > > > > But the main point is: I never used this library, neither have
an
> > > > > > account on any cloud provider, so I would totally appreciate
if
> some
> > > dev
> > > > > > or at least user could cooperate with me. Feel free to answer
in
> > > mailing
> > > > > > list of contact me privately.
> > > > > >
> > > > > > Thanks
> > > > > >
> > > > > > Pietro Battiston
> > > > > >
> > > > > >
> > > >
> > >
> > >
> > >
>
>
>

Mime
View raw message