Antoine Pitrou added the comment:

Le 05/04/2015 21:26, Marc-Andre Lemburg a écrit :
> 
> But this is only an example of an application not working anymore
> because the system's OpenSSL could not verify certificates.
> In this case, no root CA certs were available. On older systems
> with proper root CA certs, it's likely that the newer CA certs
> needed to verify the PyPI certificates are not installed...
> and yes: those system do exist and are in active use, simply because
> they cannot be upgraded for other reasons :-)

Let's sum it up:

- the machine can't be upgraded, but you are upgrading Python by hand
(hand-compiled?)

- OpenSSL is installed but there are no root CA certs (?!)

- the machine probably isn't ever doing a single verified HTTPS access,
for the previous reason, and nobody cares about it

- you want to be able to use unauthenticated HTTPS to download and
install software from the Internet

And, since this is an AIX machine, I'm presuming this isn't a hobbyist's
setup, but an enterprise system with paid-for support and licenses,
right? And you want the python-dev community to care for that broken
situation by bearing the cost of additional maintenance and security
risk in implementing the new configuration options?

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue23857>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to