Antoine Pitrou added the comment: Le 05/04/2015 21:26, Marc-Andre Lemburg a écrit : > > But this is only an example of an application not working anymore > because the system's OpenSSL could not verify certificates. > In this case, no root CA certs were available. On older systems > with proper root CA certs, it's likely that the newer CA certs > needed to verify the PyPI certificates are not installed... > and yes: those system do exist and are in active use, simply because > they cannot be upgraded for other reasons :-)
Let's sum it up: - the machine can't be upgraded, but you are upgrading Python by hand (hand-compiled?) - OpenSSL is installed but there are no root CA certs (?!) - the machine probably isn't ever doing a single verified HTTPS access, for the previous reason, and nobody cares about it - you want to be able to use unauthenticated HTTPS to download and install software from the Internet And, since this is an AIX machine, I'm presuming this isn't a hobbyist's setup, but an enterprise system with paid-for support and licenses, right? And you want the python-dev community to care for that broken situation by bearing the cost of additional maintenance and security risk in implementing the new configuration options? ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue23857> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
