Message240129
Le 05/04/2015 21:26, Marc-Andre Lemburg a écrit :
>
> But this is only an example of an application not working anymore
> because the system's OpenSSL could not verify certificates.
> In this case, no root CA certs were available. On older systems
> with proper root CA certs, it's likely that the newer CA certs
> needed to verify the PyPI certificates are not installed...
> and yes: those system do exist and are in active use, simply because
> they cannot be upgraded for other reasons :-)
Let's sum it up:
- the machine can't be upgraded, but you are upgrading Python by hand
(hand-compiled?)
- OpenSSL is installed but there are no root CA certs (?!)
- the machine probably isn't ever doing a single verified HTTPS access,
for the previous reason, and nobody cares about it
- you want to be able to use unauthenticated HTTPS to download and
install software from the Internet
And, since this is an AIX machine, I'm presuming this isn't a hobbyist's
setup, but an enterprise system with paid-for support and licenses,
right? And you want the python-dev community to care for that broken
situation by bearing the cost of additional maintenance and security
risk in implementing the new configuration options? |
|
Date |
User |
Action |
Args |
2015-04-05 19:36:19 | pitrou | set | recipients:
+ pitrou, lemburg, barry, doko, ncoghlan, janssen, vstinner, alex, r.david.murray, bkabrda, dstufft, rkuska |
2015-04-05 19:36:19 | pitrou | link | issue23857 messages |
2015-04-05 19:36:19 | pitrou | create | |
|