Closed Jan-Marcek closed 8 years ago
Python's lib requests has his own list of trusted CAs. We can't rely on OS trusted list.
method ssl.create_default_context could help to read os certs.
but SSLContext was introduced in 2.7.9,
from http://stackoverflow.com/questions/28228214/ssl-module-object-has-no-attribute-sslcontext.
Debian Wheezy 7 uses older version of python. Debian 8 Jessie uses 2.7.9..
wheezy (oldstable) (python): interactive high-level object-oriented language (default version) 2.7.3-4+deb7u1: all jessie (stable) (python): interactive high-level object-oriented language (default version) 2.7.9-1: amd64 arm64 armel armhf i386 mips mipsel powerpc ppc64el s390x
from https://packages.debian.org/search?keywords=python
urllib2.urlopen
(https://github.com/OpenDataNode/odn-ckancommons/blob/ODN_v1.0.2/odn_ckancommons/ckan_helper.py#L31 ) doesn't support verification in version 2.7.3 from urllib2.html
summary: As I wrote before, certification validation is not supported in the plugin. There are used two libraries: urlib2 and request. urllib2 doesn't even support certification validation. If we want to fix it we have to use Debian 8 Jessie where is higher version of urllib2 which support certification validation.
OK, so this is blocked by upgrade to Debian 8 - see https://github.com/OpenDataNode/open-data-node/issues/238 .
For now, we disabled cert validation in updating resource, because https://github.com/OpenDataNode/open-data-node/issues/261
Now, cert validation is allowed in updating resource.
The problem occoures again: https://github.com/OpenDataNode/open-data-node/issues/261. Now, cert validation is disabled in updating resource.
due to https://github.com/OpenDataNode/odn-box/commit/9cf5b556556282e026a0cc679e7292321dfd28a2 ckanext-odn-ic2pc-sync has to support https.
Now, the certificate validation is disabled when connection is https.
ckanext-odn-ic2pc-sync uses urllib2 and requests. urllib2 by default doesn't do certificate verification but requests does.