search

jirumiro / httplib2

Automatically exported from code.google.com/p/httplib2
0 stars 0 forks source link

cacerts.txt is generated from an unmaintained source #253

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
At the top of the bundled cacerts.txt is this text:

# This file contains PEM format certificates generated from
# 
http://mxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.
txt

This file was last updated in 2009 according to the logs there. The currently 
maintained source appears to be here:

# 
http://hg.mozilla.org/mozilla-central/file/tip/security/nss/lib/ckfw/builtins/ce
rtdata.txt

I do understand that httplib2's cacerts.txt is not simply a mechanical 
conversion of the file, but more a collection of very few manually selected 
certs. I am just noting that in addition to the more serious problem of 
httplib2 lacking most certs, the file referenced by the comment is very old and 
unmaintained. This would be a security problem if/when httplib2 robustly 
imports the entire file.

Original issue reported on code.google.com by kenn.kno...@gmail.com on 24 Mar 2013 at 2:08

GoogleCodeExporter commented 8 years ago

Original comment by joe.gregorio@gmail.com on 13 Oct 2013 at 3:10