python-openssl: Add dependency on ca-certificates #12209

Closed
tiran opened this issue May 18, 2020 · 7 comments

tiran commented May 18, 2020

Maintainer: @jefferyto
Environment: all

Description:

The python3-openssl package and python-openssl package should depend on the ca-certificates package. Since Python 2.7.9 and 3.4.0, the ssl module encourages developers to use ssl.create_default_context() to create a working and securely configured SSL context object. The implementation assumes that the platform has a correctly configured OpenSSL libssl that can load the default trust anchors (root CA certificates) with SSL_CTX_set_default_verify_paths().

Also see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960869 for my Debian-related bug.
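
The following check is an added example, not part of the original issue or of the OpenWrt packages. It inspects the locations that the ssl module hands to libssl and reports whether any trust anchors are present there. The function names `trust_store_report` and `default_trust_store_report` are hypothetical.

```python
import os
import re
import ssl

# OpenSSL finds capath entries by subject-hash file names such as "3513523f.0".
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")


def trust_store_report(cafile, capath):
    """Describe what libssl would find at the given verify locations."""
    cafile_ok = bool(cafile) and os.path.isfile(cafile) and os.path.getsize(cafile) > 0
    hashed = 0
    # The directory setting may hold several directories joined by os.pathsep.
    for directory in (capath or "").split(os.pathsep):
        if os.path.isdir(directory):
            hashed += sum(1 for n in os.listdir(directory) if HASHED_NAME.match(n))
    return {
        "cafile": cafile,
        "cafile_ok": cafile_ok,
        "capath": capath,
        "capath_hashed_entries": hashed,
        "usable": cafile_ok or hashed > 0,
    }


def default_trust_store_report():
    """Report on the locations SSL_CTX_set_default_verify_paths() will use."""
    paths = ssl.get_default_verify_paths()
    # Environment overrides win over the paths compiled into libssl.
    cafile = os.environ.get(paths.openssl_cafile_env, paths.openssl_cafile)
    capath = os.environ.get(paths.openssl_capath_env, paths.openssl_capath)
    report = trust_store_report(cafile, capath)

    ctx = ssl.create_default_context()
    report["verify_required"] = ctx.verify_mode == ssl.CERT_REQUIRED
    report["check_hostname"] = ctx.check_hostname
    # Counts preloaded certificates only; capath entries are loaded lazily
    # during a handshake, so 0 here is not conclusive on its own.
    report["preloaded_ca_count"] = ctx.cert_store_stats()["x509_ca"]
    return report


if __name__ == "__main__":
    # With an empty store, create_default_context() still succeeds; the
    # failure only shows up later as CERTIFICATE_VERIFY_FAILED on connect.
    for key, value in default_trust_store_report().items():
        print(f"{key}: {value}")
```

A report with `usable` false and `verify_required` true describes the situation this issue is about: the context is created without error, but no server certificate can be verified.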

@jefferyto
Member

@commodo Any opinion on this? This sounds reasonable to me though I'm far from an OpenSSL expert.

@hnyman
Contributor

hnyman commented May 18, 2020

> should depend on ca-certificates

Why should it be ca-certificates, and not the pseudo-package "ca-certs"?

So that both ca-certificates and the newer ca-bundle can fulfill the dependency, and the user is not forced to also install ca-certificates...

If the dependency would be introduced, I suggest that the newish "ca-certs" is used.

openwrt/openwrt@dd29980

@tiran
Author

tiran commented May 18, 2020

I didn't know about ca-certs. A generic provider sounds even better to me.

@commodo
Contributor

commodo commented May 19, 2020

ca-certs sounds good to me as well;
I think we may need to open this as far back as OpenWrt 18.06?

@jefferyto
Member

@commodo I think updating 18.06 for this makes sense - I'll open some PRs soon.

@hnyman
Contributor

hnyman commented May 19, 2020

Note that the newish ca-certs may not exist in the release branches.

commodo added a commit to commodo/packages that referenced this issue May 19, 2020
This was proposed via openwrt#12209

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
jefferyto added a commit to jefferyto/openwrt-packages that referenced this issue May 19, 2020
The ssl module assumes OpenSSL can load the default trust anchors (root
CA certificates).

From openwrt#12209

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
jefferyto added a commit to jefferyto/openwrt-packages that referenced this issue May 20, 2020
The ssl module assumes OpenSSL can load the default trust anchors (root
CA certificates).

From openwrt#12209

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit d2b0cc5)
@commodo
Contributor

commodo commented May 20, 2020

We can probably close this now.

hnyman closed this as completed May 20, 2020
1715173329 pushed a commit to immortalwrt/packages that referenced this issue May 23, 2020
The ssl module assumes OpenSSL can load the default trust anchors (root
CA certificates).

From openwrt/packages#12209

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
farmergreg pushed a commit to farmergreg/packages that referenced this issue Sep 8, 2020
The ssl module assumes OpenSSL can load the default trust anchors (root
CA certificates).

From openwrt#12209

Signed-off-by: Jeffery To <jeffery.to@gmail.com>