lazr.restfulclient

Merge lp:~james-w/lazr.restfulclient/use-system-ca-certs into lp:lazr.restfulclient

use-system-ca-certs
Merge into trunk

Proposed by James Westby on 2012-12-06

Status:	Merged
Approved by:	j.c.sackett on 2012-12-06
Approved revision:	134
Merged at revision:	134
Proposed branch:	lp:~james-w/lazr.restfulclient/use-system-ca-certs
Merge into:	lp:lazr.restfulclient
Diff against target:	48 lines (+19/-1) 2 files modified src/lazr/restfulclient/NEWS.txt (+14/-0) src/lazr/restfulclient/_browser.py (+5/-1)
To merge this branch:	bzr merge lp:~james-w/lazr.restfulclient/use-system-ca-certs
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
j.c.sackett (community)		2012-12-06	Approve on 2012-12-06
Review via email: mp+138520@code.launchpad.net

Commit Message

Override the ca certs path for httplib2 to Ubuntu's system certs.

Description of the Change

Hi,

This should allow launchpadlib to be used on Ubuntu when the Ubuntu patched httplib2
isn't in use. I need this for oops.canonical.com as it is using httplib2 from
buildout.

The NEWS file should explain the rationale.

Thanks,

James

j.c.sackett (jcsackett) wrote on 2012-12-06:

Looks good, James.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

James Westby

Launchpad code reviewers from Canonical

Leonard Richardson

 === modified file 'src/lazr/restfulclient/NEWS.txt'
 --- src/lazr/restfulclient/NEWS.txt	2012-09-26 07:36:18 +0000
 +++ src/lazr/restfulclient/NEWS.txt	2012-12-06 17:26:20 +0000
@@ -2,6 +2,20 @@
  NEWS for lazr.restfulclient
  ===========================
++0.13.2 (2012-12-06)
++===================
++
++  - lazr.restfulclient is almost exclusively used with launchpad.net,
++    but httplib2's cert bundle doesn't include launchpad's CA. Therefore
++    with the default setup launchpadlib doesn't work unless cert checking
++    is disabled. This is mitigated by the fact that Ubuntu carries a patch
++    to httplib2 to make it use the system CA certs. This release makes that
++    the default approach in lazr.restfulclient so that launchpad.net can be
++    used by anyone with the Debian/Ubuntu CA certs path
++    (/etc/ssl/certs/ca-certificates.crt), regardless of whether they are
++    using Ubuntu's patched version of httplib2. Any platforms that don't have
++    that path remain broken.
++
 .13.1 (2012-09-26)
  ===================
 === modified file 'src/lazr/restfulclient/_browser.py'
 --- src/lazr/restfulclient/_browser.py	2012-06-19 11:43:54 +0000
 +++ src/lazr/restfulclient/_browser.py	2012-12-06 17:26:20 +0000
@@ -110,6 +110,9 @@
          os.environ.get('LP_DISABLE_SSL_CERTIFICATE_VALIDATION', False))
++SYSTEM_CA_CERTS = '/etc/ssl/certs/ca-certificates.crt'
++
++
  class RestfulHttp(Http):
      """An Http subclass with some custom behavior.
@@ -125,7 +128,8 @@
          cert_disabled = ssl_certificate_validation_disabled()
          super(RestfulHttp, self).__init__(
              cache, timeout, proxy_info,
--            disable_ssl_certificate_validation=cert_disabled)
++            disable_ssl_certificate_validation=cert_disabled,
++            ca_certs=SYSTEM_CA_CERTS)
          self.authorizer = authorizer
          if self.authorizer is not None:
              self.authorizer.authorizeSession(self)