Would someone that has access be able to update zc.ssl and release a new version: http://svn.zope.org/zc.ssl/trunk/src/zc/ssl/certs.pem with a new version of ca root certificates (something say from a latest linux release from /etc/ssl ). The current cert chain is over 5 years old. Thank you! Talin Senner Wildcard Corp. http://www.wildcardcorp.com Secure Web CMS Hosting - CDN - DNS - IPv6 Security.Technology.Solutions
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/25/2013 11:22 AM, Senner, Talin wrote:
Would someone that has access be able to update zc.ssl and release a new version:
http://svn.zope.org/zc.ssl/trunk/src/zc/ssl/certs.pem
with a new version of ca root certificates (something say from a latest linux release from /etc/ssl ). The current cert chain is over 5 years old.
That package appears to have been maintained last by Zvezdan Petkovic. I have CC'ed his ZC address, although I am not certain he is still at ZC. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlECuQEACgkQ+gerLs4ltQ7x/gCeN2sIfcsi1CBLyEboxrejpB8L lq8AoM+/EBHSHeWidy43r3C1QYrc+yZr =UMfd -----END PGP SIGNATURE-----
On Fri, Jan 25, 2013 at 11:22 AM, Senner, Talin <senner@wildcardcorp.com> wrote:
Would someone that has access be able to update zc.ssl and release a new version:
http://svn.zope.org/zc.ssl/trunk/src/zc/ssl/certs.pem
with a new version of ca root certificates (something say from a latest linux release from /etc/ssl ). The current cert chain is over 5 years old.
I'll take care of this. Note that we (ZC) will likely move to requests and stop maintaining zc.ssl. Jim -- Jim Fulton http://www.linkedin.com/in/jimfulton Jerky is better than bacon! http://zo.pe/Kqm
On Fri, Jan 25, 2013 at 12:00 PM, Jim Fulton <jim@zope.com> wrote:
On Fri, Jan 25, 2013 at 11:22 AM, Senner, Talin <senner@wildcardcorp.com> wrote:
Would someone that has access be able to update zc.ssl and release a new version:
http://svn.zope.org/zc.ssl/trunk/src/zc/ssl/certs.pem
with a new version of ca root certificates (something say from a latest linux release from /etc/ssl ). The current cert chain is over 5 years old.
The certificates in zc.ssl haven't changed.
I'll take care of this. Note that we (ZC) will likely move to requests and stop maintaining zc.ssl.
There's nothing to do at this point. If you want more root CAs, I suggest using requests, or forking zc.ssl and adding certs to your fork. Jim -- Jim Fulton http://www.linkedin.com/in/jimfulton Jerky is better than bacon! http://zo.pe/Kqm
It's that the current certs.pem doesn't contain the updated chain for test.authorize.net/secure.authorize.net etc. Using the current will throw an ssl error. I've fixed my local instance of this using the local system certificate chain. For the future i'll let the developers know that zc.ssl is deprecated. Thanks again. Talin On Fri, Jan 25, 2013 at 11:16 AM, Jim Fulton <jim@zope.com> wrote:
On Fri, Jan 25, 2013 at 12:00 PM, Jim Fulton <jim@zope.com> wrote:
On Fri, Jan 25, 2013 at 11:22 AM, Senner, Talin <senner@wildcardcorp.com> wrote:
Would someone that has access be able to update zc.ssl and release a new version:
http://svn.zope.org/zc.ssl/trunk/src/zc/ssl/certs.pem
with a new version of ca root certificates (something say from a latest linux release from /etc/ssl ). The current cert chain is over 5 years old.
The certificates in zc.ssl haven't changed.
I'll take care of this. Note that we (ZC) will likely move to requests and stop maintaining zc.ssl.
There's nothing to do at this point. If you want more root CAs, I suggest using requests, or forking zc.ssl and adding certs to your fork.
Jim
-- Jim Fulton http://www.linkedin.com/in/jimfulton Jerky is better than bacon! http://zo.pe/Kqm
I am not able to reproduce using zc.ssl 1.2:
import zc.ssl
conn = zc.ssl.HTTPSConnection("test.authorize.net") conn.connect() conn.request("GET", "/") conn.getresponse().status 200
conn = zc.ssl.HTTPSConnection("secure.authorize.net") conn.connect() conn.request("GET", "/") conn.getresponse().status 200
Using zc.ssl's certs.pem file with the requests package works as well; maybe you're running into some other issue? On Jan 25, 2013, at 12:22 PM, Senner, Talin wrote:
It's that the current certs.pem doesn't contain the updated chain for test.authorize.net/secure.authorize.net etc. Using the current will throw an ssl error.
I've fixed my local instance of this using the local system certificate chain.
For the future i'll let the developers know that zc.ssl is deprecated.
Thanks again.
Talin
On Fri, Jan 25, 2013 at 11:16 AM, Jim Fulton <jim@zope.com> wrote: On Fri, Jan 25, 2013 at 12:00 PM, Jim Fulton <jim@zope.com> wrote:
On Fri, Jan 25, 2013 at 11:22 AM, Senner, Talin <senner@wildcardcorp.com> wrote:
Would someone that has access be able to update zc.ssl and release a new version:
http://svn.zope.org/zc.ssl/trunk/src/zc/ssl/certs.pem
with a new version of ca root certificates (something say from a latest linux release from /etc/ssl ). The current cert chain is over 5 years old.
The certificates in zc.ssl haven't changed.
I'll take care of this. Note that we (ZC) will likely move to requests and stop maintaining zc.ssl.
There's nothing to do at this point. If you want more root CAs, I suggest using requests, or forking zc.ssl and adding certs to your fork.
Jim
-- Jim Fulton http://www.linkedin.com/in/jimfulton Jerky is better than bacon! http://zo.pe/Kqm
_______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
participants (4)
-
Jim Fulton -
Patrick Strawderman -
Senner, Talin -
Tres Seaver