-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi! I'm currently trying to get a python-based cli client running which bases its ssl implementation on py25-m2crypto. The latter package has a load_verify_locations() method in SSL/Context.py which takes either a single pem / root cert or a directory of certs. The aforementioned cli client now tries to guess these verify locations by checking for the existence of either /etc/ssl/certs or /etc/pki/tls/cert.pem, which of course both do not exist on OSX. What I've found out on the whole root cert topic (I'm pretty new to this) is that OSX stores the root certs in proprietary binary keychain file(s) under /System/Library/Keychains, which py25-m2crypto can't handle. So the question arises how py25-m2crypto could either be made to accept this keychain format or how this has been handled for other ports / parts in MacPorts. (I guess internally py25-m2crypto also only uses openssl somehow and I hope there is already a solution for this.) Patching the load_verify_locations() step out of the cli clients code will work temporarily, until of course I get an openssl prompt which asks me if I want to accept the (for openssl) unknown, but valid remote site certificate for which it misses a root cert... Any hints? Thanks in advance, Thomas. - -- GPG-Key 0x160D1092 | [email protected] | http://thomaskeller.biz Please note that according to the EU law on data retention, information on every electronic information exchange might be retained for a period of six months or longer: http://www.vorratsdatenspeicherung.de/?lang=en -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksi4fgACgkQaf7NlBYNEJLl+QCdGItmij0LQnMgHy/XTqh4ToRS c28AniDdz+Dq12IRd5As/8e9FlGR94T/ =cXqj -----END PGP SIGNATURE----- _______________________________________________ macports-dev mailing list [email protected] http://lists.macosforge.org/mailman/listinfo.cgi/macports-dev
