[Zope-dev] zc.ssl ca chain

Patrick Strawderman patrick at zope.com
Fri Jan 25 18:57:21 UTC 2013


I am not able to reproduce using zc.ssl 1.2:

>>> import zc.ssl
>>> 
>>> conn = zc.ssl.HTTPSConnection("test.authorize.net")
>>> conn.connect()
>>> conn.request("GET", "/")
>>> conn.getresponse().status
200

>>> conn = zc.ssl.HTTPSConnection("secure.authorize.net")
>>> conn.connect()
>>> conn.request("GET", "/")
>>> conn.getresponse().status
200

Using zc.ssl's certs.pem file with the requests package works as well; maybe you're running
into some other issue?

On Jan 25, 2013, at 12:22 PM, Senner, Talin wrote:

> It's that the current certs.pem doesn't contain the updated chain for test.authorize.net/secure.authorize.net etc.  Using the current will throw an ssl error.  
> 
> I've fixed my local instance of this using the local system certificate chain.
> 
> For the future i'll let the developers know that zc.ssl is deprecated.
> 
> Thanks again.
> 
> Talin
> 
> On Fri, Jan 25, 2013 at 11:16 AM, Jim Fulton <jim at zope.com> wrote:
> On Fri, Jan 25, 2013 at 12:00 PM, Jim Fulton <jim at zope.com> wrote:
> > On Fri, Jan 25, 2013 at 11:22 AM, Senner, Talin <senner at wildcardcorp.com> wrote:
> >> Would someone that has access be able to update zc.ssl and release a new
> >> version:
> >>
> >> http://svn.zope.org/zc.ssl/trunk/src/zc/ssl/certs.pem
> >>
> >> with a new version of ca root certificates (something say from a latest
> >> linux release from /etc/ssl ). The current cert chain is over 5 years  old.
> 
> The certificates in zc.ssl haven't changed.
> 
> > I'll take care of this.  Note that we (ZC) will likely move to requests and
> > stop maintaining zc.ssl.
> 
> There's nothing to do at this point.  If you want more root CAs, I suggest
> using requests, or forking zc.ssl and adding certs to your fork.
> 
> Jim
> 
> --
> Jim Fulton
> http://www.linkedin.com/in/jimfulton
> Jerky is better than bacon! http://zo.pe/Kqm
> 
> _______________________________________________
> Zope-Dev maillist  -  Zope-Dev at zope.org
> https://mail.zope.org/mailman/listinfo/zope-dev
> **  No cross posts or HTML encoding!  **
> (Related lists -
> https://mail.zope.org/mailman/listinfo/zope-announce
> https://mail.zope.org/mailman/listinfo/zope )

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.zope.org/pipermail/zope-dev/attachments/20130125/6d5f1d33/attachment-0001.html>


More information about the Zope-Dev mailing list