Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Remove ca-certificates bundle and instead depend on the certifi package.

  • Loading branch information...
commit ec4b7e4643a0b4e9b33b927d77751d7ac46a5fe3 1 parent 7273227
@bdarnell bdarnell authored
View
1  MANIFEST.in
@@ -1,6 +1,5 @@
recursive-include demos *.py *.yaml *.html *.css *.js *.xml *.sql README
include tornado/speedups.c
-include tornado/ca-certificates.crt
include tornado/test/README
include tornado/test/csv_translations/fr_FR.csv
include tornado/test/gettext_translations/fr_FR/LC_MESSAGES/tornado_test.mo
View
10 README.rst
@@ -77,12 +77,12 @@ copy of the source tarball as well.
The Tornado source code is `hosted on GitHub
<https://github.com/facebook/tornado>`_.
-**Prerequisites**: Tornado runs on Python 2.6, 2.7, 3.2, and 3.3. On
-Python 2, the `backports.ssl_match_hostname
+**Prerequisites**: Tornado runs on Python 2.6, 2.7, 3.2, 3.3, and 3.4. It
+requires the `certifi <https://pypi.python.org/pypi/certifi>`_ package
+on all Python versions, and the `backports.ssl_match_hostname
<https://pypi.python.org/pypi/backports.ssl_match_hostname>`_ package
-must be installed (This will be installed automatically when using
-``pip`` or ``easy_install``); on Python 3 there are no strict
-dependencies outside the standard library. Some Tornado features may
+on Python 2. These will be installed automatically when using
+``pip`` or ``easy_install``). Some Tornado features may
require one of the following optional libraries:
* `unittest2 <https://pypi.python.org/pypi/unittest2>`_ is needed to run
View
10 docs/index.rst
@@ -86,12 +86,12 @@ copy of the source tarball as well.
The Tornado source code is `hosted on GitHub
<https://github.com/facebook/tornado>`_.
-**Prerequisites**: Tornado runs on Python 2.6, 2.7, 3.2, and 3.3. On
-Python 2, the `backports.ssl_match_hostname
+**Prerequisites**: Tornado runs on Python 2.6, 2.7, 3.2, 3.3, and 3.4. It
+requires the `certifi <https://pypi.python.org/pypi/certifi>`_ package
+on all Python versions, and the `backports.ssl_match_hostname
<https://pypi.python.org/pypi/backports.ssl_match_hostname>`_ package
-must be installed (This will be installed automatically when using
-``pip`` or ``easy_install``); on Python 3 there are no strict
-dependencies outside the standard library. Some Tornado features may
+on Python 2. These will be installed automatically when using
+``pip`` or ``easy_install``). Some Tornado features may
require one of the following optional libraries:
* `unittest2 <https://pypi.python.org/pypi/unittest2>`_ is needed to run
View
4 docs/releases/next.rst
@@ -11,6 +11,10 @@ Backwards-compatibility notes
to `.IOLoop.add_handler` in this release.
* `tornado.concurrent.Future` is no longer thread-safe; use
`concurrent.futures.Future` when thread-safety is needed.
+* Tornado now depends on the `certifi <https://pypi.python.org/pypi/certifi>`_
+ package instead of bundling its own copy of the Mozilla CA list. This will
+ be installed automatically when using ``pip`` or ``easy_install``.
+
`tornado.concurrent`
~~~~~~~~~~~~~~~~~~~~
View
1  maint/requirements.txt
@@ -2,6 +2,7 @@
# Tornado's required dependencies
backports.ssl-match-hostname==3.4.0.2
+certifi==1.0.1
# Tornado's optional dependencies
Twisted==13.2.0
View
6 setup.py
@@ -134,17 +134,19 @@ def build_extension(self, ext):
# fall back to the pure-python implementation on any build failure.
kwargs['cmdclass'] = {'build_ext': custom_build_ext}
+
if setuptools is not None:
# If setuptools is not available, you're on your own for dependencies.
+ install_requires = ['certifi']
if sys.version_info < (3, 2):
- kwargs['install_requires'] = ['backports.ssl_match_hostname']
+ install_requires.append('backports.ssl_match_hostname')
+ kwargs['install_requires'] = install_requires
setup(
name="tornado",
version=version,
packages = ["tornado", "tornado.test", "tornado.platform"],
package_data = {
- "tornado": ["ca-certificates.crt"],
# data files need to be listed both here (which determines what gets
# installed) and in MANIFEST.in (which determines what gets included
# in the sdist tarball)
View
3,562 tornado/ca-certificates.crt
0 additions, 3,562 deletions not shown
View
13 tornado/simple_httpclient.py
@@ -15,7 +15,6 @@
import collections
import copy
import functools
-import os.path
import re
import socket
import ssl
@@ -31,8 +30,16 @@
except ImportError:
import urllib.parse as urlparse # py3
-_DEFAULT_CA_CERTS = os.path.dirname(__file__) + '/ca-certificates.crt'
+try:
+ import certifi
+except ImportError:
+ certifi = None
+def _default_ca_certs():
+ if certifi is None:
+ raise Exception("The 'certifi' package is required to use https "
+ "in simple_httpclient")
+ return certifi.where()
class SimpleAsyncHTTPClient(AsyncHTTPClient):
"""Non-blocking HTTP client with no external dependencies.
@@ -224,7 +231,7 @@ def _create_stream(self, addrinfo):
if self.request.ca_certs is not None:
ssl_options["ca_certs"] = self.request.ca_certs
else:
- ssl_options["ca_certs"] = _DEFAULT_CA_CERTS
+ ssl_options["ca_certs"] = _default_ca_certs()
if self.request.client_key is not None:
ssl_options["keyfile"] = self.request.client_key
if self.request.client_cert is not None:
View
4 tornado/test/simple_httpclient_test.py
@@ -16,7 +16,7 @@
from tornado.ioloop import IOLoop
from tornado.log import gen_log
from tornado.netutil import Resolver
-from tornado.simple_httpclient import SimpleAsyncHTTPClient, _DEFAULT_CA_CERTS
+from tornado.simple_httpclient import SimpleAsyncHTTPClient, _default_ca_certs
from tornado.test.httpclient_test import ChunkHandler, CountdownHandler, HelloWorldHandler
from tornado.test import httpclient_test
from tornado.testing import AsyncHTTPTestCase, AsyncHTTPSTestCase, AsyncTestCase, bind_unused_port, ExpectLog
@@ -192,7 +192,7 @@ def test_redirect_connection_limit(self):
response.rethrow()
def test_default_certificates_exist(self):
- open(_DEFAULT_CA_CERTS).close()
+ open(_default_ca_certs()).close()
def test_gzip(self):
# All the tests in this file should be using gzip, but this test
Please sign in to comment.
Something went wrong with that request. Please try again.