-
Notifications
You must be signed in to change notification settings - Fork 3.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
python-openssl: Add dependency on ca-certificates #12209
Comments
@commodo Any opinion on this? This sounds reasonable to me though I'm far from an OpenSSL expert. |
Why should it be ca-certificates, and not the pseudo-package "ca-certs" ???? so that both ca-certificates and the newer ca-bundle can fulfill the dependency, and the user is not forced to install also ca-certificates... If the dependency would be introduced, I suggest that the newish "ca-certs" is used. |
I didn't know about |
|
@commodo I think updating 18.06 for this makes sense - I'll open some PRs soon. |
Note that the newish ca-certs may not exist in the relase branches. |
This was proposed via openwrt#12209 Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The ssl module assumes OpenSSL can load the default trust anchors (root CA certificates). From openwrt#12209 Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The ssl module assumes OpenSSL can load the default trust anchors (root CA certificates). From openwrt#12209 Signed-off-by: Jeffery To <jeffery.to@gmail.com> (cherry picked from commit d2b0cc5)
The ssl module assumes OpenSSL can load the default trust anchors (root CA certificates). From openwrt#12209 Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The ssl module assumes OpenSSL can load the default trust anchors (root CA certificates). From openwrt#12209 Signed-off-by: Jeffery To <jeffery.to@gmail.com>
We can probably close this now. |
The ssl module assumes OpenSSL can load the default trust anchors (root CA certificates). From openwrt/packages#12209 Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The ssl module assumes OpenSSL can load the default trust anchors (root CA certificates). From openwrt#12209 Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The ssl module assumes OpenSSL can load the default trust anchors (root CA certificates). From openwrt#12209 Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Maintainer: @jefferyto
Environment: all
Description:
The
python3-openssl
package andpython-openssl
package should depend onca-certificates
package. Since Python 2.7.9 and 3.4.0 the ssl module encourages developers to usessl.create_default_context()
to create a working and securely configured SSL context object. The implementation assumes that the platform has a correctly configured OpenSSL libssl that can load the default trust anchors (root CA certificates) withSSL_CTX_set_default_verify_paths()
.Also see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960869 for my Debian related bug.
The text was updated successfully, but these errors were encountered: