You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@libcloud.apache.org by Pietro Battiston <me...@pietrobattiston.it> on 2010/11/08 11:00:34 UTC

[libcloud] SSL certs checking

Hello,

I' coping with bug
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463
and it seems the only upstream reference to it is
http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201009.mbox/%3C5860913.463891285776633273.JavaMail.jira@thor%3E

Now, there is no doubt that it's indeed an annoying thing, and that many other
projects just fixed it (waiting for python devs doing it). But I'm not
in search of a flame: I just would like to fix it (as a Debian patch, if
you are not interested).

In a project of mine, the analogous fix took very few lines of code:

http://code.google.com/p/galleryremote/source/diff?spec=svn6&r=6&format=side&path=/trunk/galleryremote/gallery.py

and I would be happy to try to do the same on libcloud, though I
perfectly know it will be slightly harder.

But the main point is: I never used this library, neither have an
account on any cloud provider, so I would totally appreciate if some dev
or at least user could cooperate with me. Feel free to answer in mailing
list of contact me privately.

Thanks

Pietro Battiston

Re: [libcloud] SSL certs checking

Posted by Jerry Chen <je...@apache.org>.

On Nov 16, 2010, at 2:25 PM, Jed Smith wrote:

> 2010/11/15 Tomaž Muraus <to...@cloudkick.com>
> 
>> I have fixed the alt_names and licensing issue and added some tests.
> 
> 
> My Mac doesn't like it :(

The main issue is that the root certs in OS X are stored in a Keychain format, so the path that's included in the patch, '/etc/ssl/certs/ca-certificates.crt', doesn't work.

The patch seems to work great by downloading http://curl.haxx.se/ca/cacert.pem and using that file, though.

I really wish root certificate management were less opaque.

Jerry

Re: [libcloud] SSL certs checking

Posted by Jed Smith <je...@jedsmith.org>.

On Wed, Nov 24, 2010 at 1:55 AM, Pietro Battiston <me...@pietrobattiston.it>wrote:

> Any news on this matter?
>
> Pietro
>

The holiday has cost (at least me) time to work on it. Expect news soon.

-- 
Jed Smith
jed@jedsmith.org

Re: [libcloud] SSL certs checking

Posted by Pietro Battiston <me...@pietrobattiston.it>.

Any news on this matter?

Pietro

Il giorno mar, 16/11/2010 alle 15.25 -0500, Jed Smith ha scritto:
> 2010/11/15 Tomaž Muraus <to...@cloudkick.com>
> 
> > I have fixed the alt_names and licensing issue and added some tests.
> 
> 
> My Mac doesn't like it :(
> 
> Are you able to reproduce this against https://api.linode.com/ ?
> 
> Python 2.6.5 (r265:79359, Mar 24 2010, 01:32:55)
> > [GCC 4.0.1 (Apple Inc. build 5493)] on darwin
> > Type "help", "copyright", "credits" or "license" for more information.
> > >>> from libcloud.drivers.linode import LinodeNodeDriver
> > >>> z = LinodeNodeDriver("1xiz...")
> > >>> z.list_nodes()
> > Traceback (most recent call last):
> >   File "<stdin>", line 1, in <module>
> >   File "libcloud/drivers/linode.py", line 232, in list_nodes
> >     data = self.connection.request(LINODE_ROOT, params=params).objects[0]
> >   File "libcloud/base.py", line 485, in request
> >     raise ssl.SSLError(str(e))
> > ssl.SSLError: [Errno 185090050] _ssl.c:326: error:0B084002:x509 certificate
> > routines:X509_load_cert_crl_file:system lib
> > >>>
> 
>

Re: [libcloud] SSL certs checking

Posted by Jed Smith <je...@jedsmith.org>.

2010/11/15 Tomaž Muraus <to...@cloudkick.com>

> I have fixed the alt_names and licensing issue and added some tests.


My Mac doesn't like it :(

Are you able to reproduce this against https://api.linode.com/ ?

Python 2.6.5 (r265:79359, Mar 24 2010, 01:32:55)
> [GCC 4.0.1 (Apple Inc. build 5493)] on darwin
> Type "help", "copyright", "credits" or "license" for more information.
> >>> from libcloud.drivers.linode import LinodeNodeDriver
> >>> z = LinodeNodeDriver("1xiz...")
> >>> z.list_nodes()
> Traceback (most recent call last):
>   File "<stdin>", line 1, in <module>
>   File "libcloud/drivers/linode.py", line 232, in list_nodes
>     data = self.connection.request(LINODE_ROOT, params=params).objects[0]
>   File "libcloud/base.py", line 485, in request
>     raise ssl.SSLError(str(e))
> ssl.SSLError: [Errno 185090050] _ssl.c:326: error:0B084002:x509 certificate
> routines:X509_load_cert_crl_file:system lib
> >>>


-- 
Jed Smith
jed@jedsmith.org

Re: [libcloud] SSL certs checking

Posted by Tomaž Muraus <to...@cloudkick.com>.

I have fixed the alt_names and licensing issue and added some tests.

On Sat, Nov 13, 2010 at 6:13 PM, Jed Smith <je...@jedsmith.org> wrote:

> 2010/11/12 Tomaž Muraus <to...@cloudkick.com>
>
> > I have made a few modification to your patch, namely if M2Crypto library
> is
> > not available, it uses a custom HTTPS connection module which verifies
> the
> > server certificate.
> >
>
> The license on httplib_ssl.py means we cannot accept that file. Homogeneous
> licensing is necessary as part of our involvement in the Apache Software
> Foundation.
>
> Also, a quick test on my machine resulted in a fairly quick traceback:
>
> Python 2.7 (r27:82500, Oct 20 2010, 03:21:03)
> [GCC 4.5.1] on linux2
> Type "help", "copyright", "credits" or "license" for more information.
> >>> from libcloud.drivers.linode import LinodeNodeDriver
> >>> z = LinodeNodeDriver("nGDJ.....")
> >>> z.list_nodes()
> Traceback (most recent call last):
>  File "<stdin>", line 1, in <module>
>  File "libcloud/drivers/linode.py", line 232, in list_nodes
>    data = self.connection.request(LINODE_ROOT, params=params).objects[0]
>  File "libcloud/base.py", line 484, in request
>    headers=headers)
>  File "/usr/lib/python2.7/httplib.py", line 946, in request
>    self._send_request(method, url, body, headers)
>  File "/usr/lib/python2.7/httplib.py", line 987, in _send_request
>    self.endheaders(body)
>  File "/usr/lib/python2.7/httplib.py", line 940, in endheaders
>    self._send_output(message_body)
>  File "/usr/lib/python2.7/httplib.py", line 803, in _send_output
>    self.send(msg)
>  File "/usr/lib/python2.7/httplib.py", line 755, in send
>    self.connect()
>  File "libcloud/httplib_ssl.py", line 50, in connect
>    if not self._verify_hostname(self.host, cert):
>  File "libcloud/httplib_ssl.py", line 57, in _verify_hostname
>    if (hostname == common_name) or hostname in alt_names:
> TypeError: argument of type 'NoneType' is not iterable
> >>>
>
> Looks like alt_names is None?
>
> J
>

Re: [libcloud] SSL certs checking

Posted by Jed Smith <je...@jedsmith.org>.

2010/11/12 Tomaž Muraus <to...@cloudkick.com>

> I have made a few modification to your patch, namely if M2Crypto library is
> not available, it uses a custom HTTPS connection module which verifies the
> server certificate.
>

The license on httplib_ssl.py means we cannot accept that file. Homogeneous
licensing is necessary as part of our involvement in the Apache Software
Foundation.

Also, a quick test on my machine resulted in a fairly quick traceback:

Python 2.7 (r27:82500, Oct 20 2010, 03:21:03)
[GCC 4.5.1] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from libcloud.drivers.linode import LinodeNodeDriver
>>> z = LinodeNodeDriver("nGDJ.....")
>>> z.list_nodes()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "libcloud/drivers/linode.py", line 232, in list_nodes
    data = self.connection.request(LINODE_ROOT, params=params).objects[0]
  File "libcloud/base.py", line 484, in request
    headers=headers)
  File "/usr/lib/python2.7/httplib.py", line 946, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 987, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 940, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 803, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 755, in send
    self.connect()
  File "libcloud/httplib_ssl.py", line 50, in connect
    if not self._verify_hostname(self.host, cert):
  File "libcloud/httplib_ssl.py", line 57, in _verify_hostname
    if (hostname == common_name) or hostname in alt_names:
TypeError: argument of type 'NoneType' is not iterable
>>>

Looks like alt_names is None?

J

Re: [libcloud] SSL certs checking

Posted by Tomaž Muraus <to...@cloudkick.com>.

Hello,

sorry for a late response, I have had a busy week.

I have made a few modification to your patch, namely if M2Crypto library is
not available, it uses a custom HTTPS connection module which verifies the
server certificate.

This means that SSL certificate verification can also be used if the
M2Crypto library is not available.

Note: It looks like if you try to install the M2Crypto library on Unix using
pip it fails, because it downloads the Windows package by default (it works
fine if you install it manually using setup.py or install a .deb package if
you are on Ubuntu / Debain).

Now someone from the commit team needs to look at the patch and merge it
into trunk.

Tomaž

On Sat, Nov 13, 2010 at 12:55 AM, Pietro Battiston <me...@pietrobattiston.it>wrote:

> Il giorno ven, 12/11/2010 alle 17.54 -0500, Tom Davis ha scritto:
> > >
> > > As already said, I have never used libcloud and maybe should hence not
> > > care that much, but I still want you to notice that it will probably be
> > > removed from Debian if the bug is not fixed:
> > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463#30
> >
> >
> > If we're going to get kicked from repos for this, I think it's time to
> drop
> > the "dependencies are generically bad" thing and fix this issue. It
> doesn't
> > seem like we would even need to explicitly *require* M2Crypto
>
> The patch I proposed doesn't.
>
> Pietro
>
>
> >  (though, IMO,
> > we might as well since it's on pypi).
> >
> > On Fri, Nov 12, 2010 at 5:05 PM, Pietro Battiston <me@pietrobattiston.it
> >wrote:
> >
> > > Il giorno lun, 08/11/2010 alle 19.40 +0100, Pietro Battiston ha
> scritto:
> > > > Il giorno lun, 08/11/2010 alle 11.18 +0100, Tomaž Muraus ha scritto:
> > > > > Hello,
> > > > >
> > > > > A user has already created an issue on Jira about this[1] some time
> ago
> > > and
> > > > > because the root issue is in the Python module only a warning has
> been
> > > added
> > > > > to the README.
> > > > >
> > > > > I still personally think that the better solution would to fix the
> > > problem
> > > > > and subclass the HTTPSConnection class and manually check the
> hostname
> > > or
> > > > > switch to the M2Crypto library like you have suggested.
> > > > >
> > > > > Only problem with switching to the M2Crypto library is that it adds
> an
> > > extra
> > > > > dependency.
> > > >
> > > >
> > > > Sure. Hence, using M2Crypto if available and printing a warning
> > > > otherwise is to my eyes the optimum.
> > > >
> > > > That's what I'm doing in the attached patch (from "svn diff" on svn
> > > > trunk).
> > > >
> > > > Would you mind reviewing/testing it? Would you/some other developer
> > > > suggest if there are other places (a quick grep found none) in
> libcloud
> > > > where https connections are made?
> > > >
> > > > thanks a lot
> > > >
> > > > Pietro
> > >
> > >
> > > As already said, I have never used libcloud and maybe should hence not
> > > care that much, but I still want you to notice that it will probably be
> > > removed from Debian if the bug is not fixed:
> > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463#30
> > >
> > > bye
> > >
> > > Pietro
> > >
> > >
> > > >
> > > > >
> > > > > [1]: https://issues.apache.org/jira/browse/LIBCLOUD-55
> > > > >
> > > > > On Mon, Nov 8, 2010 at 11:00 AM, Pietro Battiston <
> > > me@pietrobattiston.it>wrote:
> > > > >
> > > > > > Hello,
> > > > > >
> > > > > > I' coping with bug
> > > > > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463
> > > > > > and it seems the only upstream reference to it is
> > > > > >
> > > > > >
> > >
> http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201009.mbox/%3C5860913.463891285776633273.JavaMail.jira@thor%3E
> > > > > >
> > > > > > Now, there is no doubt that it's indeed an annoying thing, and
> that
> > > many
> > > > > > other
> > > > > > projects just fixed it (waiting for python devs doing it). But
> I'm
> > > not
> > > > > > in search of a flame: I just would like to fix it (as a Debian
> patch,
> > > if
> > > > > > you are not interested).
> > > > > >
> > > > > > In a project of mine, the analogous fix took very few lines of
> code:
> > > > > >
> > > > > >
> > > > > >
> > >
> http://code.google.com/p/galleryremote/source/diff?spec=svn6&r=6&format=side&path=/trunk/galleryremote/gallery.py
> > > > > >
> > > > > > and I would be happy to try to do the same on libcloud, though I
> > > > > > perfectly know it will be slightly harder.
> > > > > >
> > > > > > But the main point is: I never used this library, neither have an
> > > > > > account on any cloud provider, so I would totally appreciate if
> some
> > > dev
> > > > > > or at least user could cooperate with me. Feel free to answer in
> > > mailing
> > > > > > list of contact me privately.
> > > > > >
> > > > > > Thanks
> > > > > >
> > > > > > Pietro Battiston
> > > > > >
> > > > > >
> > > >
> > >
> > >
> > >
>
>
>

Re: [libcloud] SSL certs checking

Posted by Pietro Battiston <me...@pietrobattiston.it>.

Il giorno ven, 12/11/2010 alle 17.54 -0500, Tom Davis ha scritto:
> >
> > As already said, I have never used libcloud and maybe should hence not
> > care that much, but I still want you to notice that it will probably be
> > removed from Debian if the bug is not fixed:
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463#30
> 
> 
> If we're going to get kicked from repos for this, I think it's time to drop
> the "dependencies are generically bad" thing and fix this issue. It doesn't
> seem like we would even need to explicitly *require* M2Crypto

The patch I proposed doesn't.

Pietro


>  (though, IMO,
> we might as well since it's on pypi).
> 
> On Fri, Nov 12, 2010 at 5:05 PM, Pietro Battiston <me...@pietrobattiston.it>wrote:
> 
> > Il giorno lun, 08/11/2010 alle 19.40 +0100, Pietro Battiston ha scritto:
> > > Il giorno lun, 08/11/2010 alle 11.18 +0100, Tomaž Muraus ha scritto:
> > > > Hello,
> > > >
> > > > A user has already created an issue on Jira about this[1] some time ago
> > and
> > > > because the root issue is in the Python module only a warning has been
> > added
> > > > to the README.
> > > >
> > > > I still personally think that the better solution would to fix the
> > problem
> > > > and subclass the HTTPSConnection class and manually check the hostname
> > or
> > > > switch to the M2Crypto library like you have suggested.
> > > >
> > > > Only problem with switching to the M2Crypto library is that it adds an
> > extra
> > > > dependency.
> > >
> > >
> > > Sure. Hence, using M2Crypto if available and printing a warning
> > > otherwise is to my eyes the optimum.
> > >
> > > That's what I'm doing in the attached patch (from "svn diff" on svn
> > > trunk).
> > >
> > > Would you mind reviewing/testing it? Would you/some other developer
> > > suggest if there are other places (a quick grep found none) in libcloud
> > > where https connections are made?
> > >
> > > thanks a lot
> > >
> > > Pietro
> >
> >
> > As already said, I have never used libcloud and maybe should hence not
> > care that much, but I still want you to notice that it will probably be
> > removed from Debian if the bug is not fixed:
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463#30
> >
> > bye
> >
> > Pietro
> >
> >
> > >
> > > >
> > > > [1]: https://issues.apache.org/jira/browse/LIBCLOUD-55
> > > >
> > > > On Mon, Nov 8, 2010 at 11:00 AM, Pietro Battiston <
> > me@pietrobattiston.it>wrote:
> > > >
> > > > > Hello,
> > > > >
> > > > > I' coping with bug
> > > > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463
> > > > > and it seems the only upstream reference to it is
> > > > >
> > > > >
> > http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201009.mbox/%3C5860913.463891285776633273.JavaMail.jira@thor%3E
> > > > >
> > > > > Now, there is no doubt that it's indeed an annoying thing, and that
> > many
> > > > > other
> > > > > projects just fixed it (waiting for python devs doing it). But I'm
> > not
> > > > > in search of a flame: I just would like to fix it (as a Debian patch,
> > if
> > > > > you are not interested).
> > > > >
> > > > > In a project of mine, the analogous fix took very few lines of code:
> > > > >
> > > > >
> > > > >
> > http://code.google.com/p/galleryremote/source/diff?spec=svn6&r=6&format=side&path=/trunk/galleryremote/gallery.py
> > > > >
> > > > > and I would be happy to try to do the same on libcloud, though I
> > > > > perfectly know it will be slightly harder.
> > > > >
> > > > > But the main point is: I never used this library, neither have an
> > > > > account on any cloud provider, so I would totally appreciate if some
> > dev
> > > > > or at least user could cooperate with me. Feel free to answer in
> > mailing
> > > > > list of contact me privately.
> > > > >
> > > > > Thanks
> > > > >
> > > > > Pietro Battiston
> > > > >
> > > > >
> > >
> >
> >
> >

Re: [libcloud] SSL certs checking

Posted by Tom Davis <to...@dislocatedday.com>.

>
> As already said, I have never used libcloud and maybe should hence not
> care that much, but I still want you to notice that it will probably be
> removed from Debian if the bug is not fixed:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463#30


If we're going to get kicked from repos for this, I think it's time to drop
the "dependencies are generically bad" thing and fix this issue. It doesn't
seem like we would even need to explicitly *require* M2Crypto (though, IMO,
we might as well since it's on pypi).

On Fri, Nov 12, 2010 at 5:05 PM, Pietro Battiston <me...@pietrobattiston.it>wrote:

> Il giorno lun, 08/11/2010 alle 19.40 +0100, Pietro Battiston ha scritto:
> > Il giorno lun, 08/11/2010 alle 11.18 +0100, Tomaž Muraus ha scritto:
> > > Hello,
> > >
> > > A user has already created an issue on Jira about this[1] some time ago
> and
> > > because the root issue is in the Python module only a warning has been
> added
> > > to the README.
> > >
> > > I still personally think that the better solution would to fix the
> problem
> > > and subclass the HTTPSConnection class and manually check the hostname
> or
> > > switch to the M2Crypto library like you have suggested.
> > >
> > > Only problem with switching to the M2Crypto library is that it adds an
> extra
> > > dependency.
> >
> >
> > Sure. Hence, using M2Crypto if available and printing a warning
> > otherwise is to my eyes the optimum.
> >
> > That's what I'm doing in the attached patch (from "svn diff" on svn
> > trunk).
> >
> > Would you mind reviewing/testing it? Would you/some other developer
> > suggest if there are other places (a quick grep found none) in libcloud
> > where https connections are made?
> >
> > thanks a lot
> >
> > Pietro
>
>
> As already said, I have never used libcloud and maybe should hence not
> care that much, but I still want you to notice that it will probably be
> removed from Debian if the bug is not fixed:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463#30
>
> bye
>
> Pietro
>
>
> >
> > >
> > > [1]: https://issues.apache.org/jira/browse/LIBCLOUD-55
> > >
> > > On Mon, Nov 8, 2010 at 11:00 AM, Pietro Battiston <
> me@pietrobattiston.it>wrote:
> > >
> > > > Hello,
> > > >
> > > > I' coping with bug
> > > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463
> > > > and it seems the only upstream reference to it is
> > > >
> > > >
> http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201009.mbox/%3C5860913.463891285776633273.JavaMail.jira@thor%3E
> > > >
> > > > Now, there is no doubt that it's indeed an annoying thing, and that
> many
> > > > other
> > > > projects just fixed it (waiting for python devs doing it). But I'm
> not
> > > > in search of a flame: I just would like to fix it (as a Debian patch,
> if
> > > > you are not interested).
> > > >
> > > > In a project of mine, the analogous fix took very few lines of code:
> > > >
> > > >
> > > >
> http://code.google.com/p/galleryremote/source/diff?spec=svn6&r=6&format=side&path=/trunk/galleryremote/gallery.py
> > > >
> > > > and I would be happy to try to do the same on libcloud, though I
> > > > perfectly know it will be slightly harder.
> > > >
> > > > But the main point is: I never used this library, neither have an
> > > > account on any cloud provider, so I would totally appreciate if some
> dev
> > > > or at least user could cooperate with me. Feel free to answer in
> mailing
> > > > list of contact me privately.
> > > >
> > > > Thanks
> > > >
> > > > Pietro Battiston
> > > >
> > > >
> >
>
>
>

Re: [libcloud] SSL certs checking

Posted by Pietro Battiston <me...@pietrobattiston.it>.

Il giorno lun, 08/11/2010 alle 19.40 +0100, Pietro Battiston ha scritto:
> Il giorno lun, 08/11/2010 alle 11.18 +0100, Tomaž Muraus ha scritto:
> > Hello,
> > 
> > A user has already created an issue on Jira about this[1] some time ago and
> > because the root issue is in the Python module only a warning has been added
> > to the README.
> > 
> > I still personally think that the better solution would to fix the problem
> > and subclass the HTTPSConnection class and manually check the hostname or
> > switch to the M2Crypto library like you have suggested.
> > 
> > Only problem with switching to the M2Crypto library is that it adds an extra
> > dependency.
> 
> 
> Sure. Hence, using M2Crypto if available and printing a warning
> otherwise is to my eyes the optimum.
> 
> That's what I'm doing in the attached patch (from "svn diff" on svn
> trunk).
> 
> Would you mind reviewing/testing it? Would you/some other developer
> suggest if there are other places (a quick grep found none) in libcloud
> where https connections are made?
> 
> thanks a lot
> 
> Pietro


As already said, I have never used libcloud and maybe should hence not
care that much, but I still want you to notice that it will probably be
removed from Debian if the bug is not fixed:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463#30

bye

Pietro


> 
> > 
> > [1]: https://issues.apache.org/jira/browse/LIBCLOUD-55
> > 
> > On Mon, Nov 8, 2010 at 11:00 AM, Pietro Battiston <me...@pietrobattiston.it>wrote:
> > 
> > > Hello,
> > >
> > > I' coping with bug
> > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463
> > > and it seems the only upstream reference to it is
> > >
> > > http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201009.mbox/%3C5860913.463891285776633273.JavaMail.jira@thor%3E
> > >
> > > Now, there is no doubt that it's indeed an annoying thing, and that many
> > > other
> > > projects just fixed it (waiting for python devs doing it). But I'm not
> > > in search of a flame: I just would like to fix it (as a Debian patch, if
> > > you are not interested).
> > >
> > > In a project of mine, the analogous fix took very few lines of code:
> > >
> > >
> > > http://code.google.com/p/galleryremote/source/diff?spec=svn6&r=6&format=side&path=/trunk/galleryremote/gallery.py
> > >
> > > and I would be happy to try to do the same on libcloud, though I
> > > perfectly know it will be slightly harder.
> > >
> > > But the main point is: I never used this library, neither have an
> > > account on any cloud provider, so I would totally appreciate if some dev
> > > or at least user could cooperate with me. Feel free to answer in mailing
> > > list of contact me privately.
> > >
> > > Thanks
> > >
> > > Pietro Battiston
> > >
> > >
>

Re: [libcloud] SSL certs checking

Posted by Pietro Battiston <me...@pietrobattiston.it>.

Il giorno lun, 08/11/2010 alle 11.18 +0100, Tomaž Muraus ha scritto:
> Hello,
> 
> A user has already created an issue on Jira about this[1] some time ago and
> because the root issue is in the Python module only a warning has been added
> to the README.
> 
> I still personally think that the better solution would to fix the problem
> and subclass the HTTPSConnection class and manually check the hostname or
> switch to the M2Crypto library like you have suggested.
> 
> Only problem with switching to the M2Crypto library is that it adds an extra
> dependency.


Sure. Hence, using M2Crypto if available and printing a warning
otherwise is to my eyes the optimum.

That's what I'm doing in the attached patch (from "svn diff" on svn
trunk).

Would you mind reviewing/testing it? Would you/some other developer
suggest if there are other places (a quick grep found none) in libcloud
where https connections are made?

thanks a lot

Pietro

> 
> [1]: https://issues.apache.org/jira/browse/LIBCLOUD-55
> 
> On Mon, Nov 8, 2010 at 11:00 AM, Pietro Battiston <me...@pietrobattiston.it>wrote:
> 
> > Hello,
> >
> > I' coping with bug
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463
> > and it seems the only upstream reference to it is
> >
> > http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201009.mbox/%3C5860913.463891285776633273.JavaMail.jira@thor%3E
> >
> > Now, there is no doubt that it's indeed an annoying thing, and that many
> > other
> > projects just fixed it (waiting for python devs doing it). But I'm not
> > in search of a flame: I just would like to fix it (as a Debian patch, if
> > you are not interested).
> >
> > In a project of mine, the analogous fix took very few lines of code:
> >
> >
> > http://code.google.com/p/galleryremote/source/diff?spec=svn6&r=6&format=side&path=/trunk/galleryremote/gallery.py
> >
> > and I would be happy to try to do the same on libcloud, though I
> > perfectly know it will be slightly harder.
> >
> > But the main point is: I never used this library, neither have an
> > account on any cloud provider, so I would totally appreciate if some dev
> > or at least user could cooperate with me. Feel free to answer in mailing
> > list of contact me privately.
> >
> > Thanks
> >
> > Pietro Battiston
> >
> >

Re: [libcloud] SSL certs checking

Posted by Tomaž Muraus <to...@cloudkick.com>.

Hello,

A user has already created an issue on Jira about this[1] some time ago and
because the root issue is in the Python module only a warning has been added
to the README.

I still personally think that the better solution would to fix the problem
and subclass the HTTPSConnection class and manually check the hostname or
switch to the M2Crypto library like you have suggested.

Only problem with switching to the M2Crypto library is that it adds an extra
dependency.

[1]: https://issues.apache.org/jira/browse/LIBCLOUD-55

On Mon, Nov 8, 2010 at 11:00 AM, Pietro Battiston <me...@pietrobattiston.it>wrote:

> Hello,
>
> I' coping with bug
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463
> and it seems the only upstream reference to it is
>
> http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201009.mbox/%3C5860913.463891285776633273.JavaMail.jira@thor%3E
>
> Now, there is no doubt that it's indeed an annoying thing, and that many
> other
> projects just fixed it (waiting for python devs doing it). But I'm not
> in search of a flame: I just would like to fix it (as a Debian patch, if
> you are not interested).
>
> In a project of mine, the analogous fix took very few lines of code:
>
>
> http://code.google.com/p/galleryremote/source/diff?spec=svn6&r=6&format=side&path=/trunk/galleryremote/gallery.py
>
> and I would be happy to try to do the same on libcloud, though I
> perfectly know it will be slightly harder.
>
> But the main point is: I never used this library, neither have an
> account on any cloud provider, so I would totally appreciate if some dev
> or at least user could cooperate with me. Feel free to answer in mailing
> list of contact me privately.
>
> Thanks
>
> Pietro Battiston
>
>