Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allura_issues: use Requests to avoid HTTPS issues. #4

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

allura_issues: use Requests to avoid HTTPS issues. #4

wants to merge 1 commit into from

Conversation

avm
Copy link

@avm avm commented Jun 1, 2018

The Requests library uses the Certifi list of certificates, so you don't have to install ca-certificates to work with Sourceforge or the likes.
(The downside is, of course, that you have to install Requests.)

@gperciva
Copy link
Owner

gperciva commented Jun 1, 2018

Why is ca-certificates difficult to install? It's more trustworthy than an additional python program.

@avm
Copy link
Author

avm commented Jun 1, 2018 via email

@gperciva
Copy link
Owner

gperciva commented Jun 1, 2018

Good reason to change something! I'd still like a bit more info.

Is this with python 2 or 3? And what version of OSX? I know that the script just calls /usr/bin/python, so that's probably python 2. (Unless Apple did something weird, which wouldn't surprise me.)

For python 3 and OSX 10.11+, it looks like another solution is:
https://stackoverflow.com/a/42334357/7541781

@gperciva
Copy link
Owner

gperciva commented Jun 1, 2018

PS: hmm, casual skimming suggests that this readme does involve installing certifi. So maybe that package is reliable after all.

I'm tentatively ok with this PR, but I'd like a bit more time to think about it. I'm still curious about the python and OSX versions involved, though.

@avm
Copy link
Author

avm commented Jun 4, 2018

I'm on OS X 10.11.6 (El Capitan). With /usr/bin/python (the system-installed Python 2.7), the certificates actually don't even come into play, as Sourceforge.net resets the connection after TLS handshake:

>>> urllib2.urlopen('https://sourceforge.net')
Traceback (most recent call last):
...
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1197, in do_open
    raise URLError(err)
urllib2.URLError: <urlopen error [Errno 54] Connection reset by peer>

This does not happen with other sites, so there is probably an incompatibility in the versions of OpenSSL or whatever, I don't see a way to fix it.

With Homebrew-installed Python 2.7, urllib2.urlopen bails with [SSL: CERTIFICATE_VERIFY_FAILED], while requests.get works fine, as expected.

(Didn't test with Python 3, as it does not have urllib2 :-].)

@avm
Copy link
Author

avm commented Jun 4, 2018

This reminds me: it's probably better to use /usr/bin/env python instead of /usr/bin/python (the user has control over the former via his PATH setting, while the latter may well be an immovable part of the system).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@avm @gperciva