624476 – dev-python/httplib2: Uses own bundled CA Store

Bug 624476 - dev-python/httplib2: Uses own bundled CA Store

Summary: dev-python/httplib2: Uses own bundled CA Store

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Auditing (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Python Gentoo Team

URL:
Whiteboard:
Keywords:	InVCS, PATCH

Depends on:	624450
Blocks:
	Show dependency tree

Reported:	2017-07-10 17:07 UTC by Kristian Fiskerstrand (RETIRED)
Modified:	2019-02-20 20:26 UTC (History)
CC List:	1 user (show)

See Also:	624450
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kristian Fiskerstrand (RETIRED) gentoo-dev

2017-07-10 17:07:13 UTC

dev-python/httplib2 uses an own bundled CA Store, this should be unbundled similar to what is being done by debian https://sources.debian.net/src/python-httplib2/0.9.2%2Bdfsg-1/debian/patches/use_system_cacerts.patch/

the patch can be used verbatim, with /etc/ssl/certs/ca-certificates.crt being provided by app-misc/ca-certificates.

This enhances both security, by providing one CA store to maintain properly, and usability (the separate CA store was detected due to issue in bug 624450)

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2017-07-11 21:25:37 UTC

PR: https://github.com/gentoo/gentoo/pull/5092

Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev

2017-07-13 11:05:16 UTC

Fixed via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ebc6fc6c47249c50409be161e37d5584ee51c87

Comment 3 Kristian Fiskerstrand (RETIRED) gentoo-dev

2017-07-13 18:55:21 UTC

Re-opening as it isn't yet in stable

Comment 4 Virgil Dupras (RETIRED) gentoo-dev

2019-02-20 20:26:42 UTC

httplib2-0.10.3-r1 is now the oldest version in tree and is stable.