[ARVADOS] created: 1.3.0-2604-gabdcc90b1
Git user
git at public.arvados.org
Thu May 21 13:52:46 UTC 2020
at abdcc90b12348e7406abb63a9583653375f1c729 (commit)
commit abdcc90b12348e7406abb63a9583653375f1c729
Author: Peter Amstutz <peter.amstutz at curii.com>
Date: Thu May 21 09:51:03 2020 -0400
16419: Use CAINFO instead of CAPATH
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>
diff --git a/sdk/python/arvados/keep.py b/sdk/python/arvados/keep.py
index 9601601d4..bc43b849c 100644
--- a/sdk/python/arvados/keep.py
+++ b/sdk/python/arvados/keep.py
@@ -376,7 +376,7 @@ class KeepClient(object):
if self.insecure:
curl.setopt(pycurl.SSL_VERIFYPEER, 0)
else:
- curl.setopt(pycurl.CAPATH,os.path.dirname(arvados.util.ca_certs_path()))
+ curl.setopt(pycurl.CAINFO, arvados.util.ca_certs_path())
if method == "HEAD":
curl.setopt(pycurl.NOBODY, True)
self._setcurltimeouts(curl, timeout, method=="HEAD")
@@ -476,7 +476,7 @@ class KeepClient(object):
if self.insecure:
curl.setopt(pycurl.SSL_VERIFYPEER, 0)
else:
- curl.setopt(pycurl.CAPATH,os.path.dirname(arvados.util.ca_certs_path()))
+ curl.setopt(pycurl.CAINFO, arvados.util.ca_certs_path())
self._setcurltimeouts(curl, timeout)
try:
curl.perform()
commit 5fcca42249b8b35f50beb9ed4c51d090d76c1767
Author: Pjotr Prins <pjotr.public01 at thebird.nl>
Date: Wed May 20 14:35:54 2020 -0500
keep.py: python-api https certificate align pycurl with httplib2 certificate finder
Arvados-DCO-1.1-Signed-off-by: Pjotr Prins <pjotr.public01 at thebird.nl>
diff --git a/sdk/python/arvados/keep.py b/sdk/python/arvados/keep.py
index 86a28f54c..9601601d4 100644
--- a/sdk/python/arvados/keep.py
+++ b/sdk/python/arvados/keep.py
@@ -375,6 +375,8 @@ class KeepClient(object):
curl.setopt(pycurl.HEADERFUNCTION, self._headerfunction)
if self.insecure:
curl.setopt(pycurl.SSL_VERIFYPEER, 0)
+ else:
+ curl.setopt(pycurl.CAPATH,os.path.dirname(arvados.util.ca_certs_path()))
if method == "HEAD":
curl.setopt(pycurl.NOBODY, True)
self._setcurltimeouts(curl, timeout, method=="HEAD")
@@ -473,6 +475,8 @@ class KeepClient(object):
curl.setopt(pycurl.HEADERFUNCTION, self._headerfunction)
if self.insecure:
curl.setopt(pycurl.SSL_VERIFYPEER, 0)
+ else:
+ curl.setopt(pycurl.CAPATH,os.path.dirname(arvados.util.ca_certs_path()))
self._setcurltimeouts(curl, timeout)
try:
curl.perform()
commit fd43686beea061253fc1f936b14d9fa601e73f02
Author: Pjotr Prins <pjotr.public01 at thebird.nl>
Date: Wed May 20 11:12:20 2020 -0500
util.py: python-api https certificate openssl override as is used in GNU Guix
Arvados-DCO-1.1-Signed-off-by: Pjotr Prins <pjotr.public01 at thebird.nl>
diff --git a/sdk/python/arvados/util.py b/sdk/python/arvados/util.py
index dcc0417c1..6c9822e9f 100644
--- a/sdk/python/arvados/util.py
+++ b/sdk/python/arvados/util.py
@@ -396,6 +396,9 @@ def ca_certs_path(fallback=httplib2.CA_CERTS):
it returns the value of `fallback` (httplib2's CA certs by default).
"""
for ca_certs_path in [
+ # SSL_CERT_FILE and SSL_CERT_DIR are openssl overrides - note
+ # that httplib2 itself also supports HTTPLIB2_CA_CERTS.
+ os.environ.get('SSL_CERT_FILE'),
# Arvados specific:
'/etc/arvados/ca-certificates.crt',
# Debian:
@@ -403,7 +406,7 @@ def ca_certs_path(fallback=httplib2.CA_CERTS):
# Red Hat:
'/etc/pki/tls/certs/ca-bundle.crt',
]:
- if os.path.exists(ca_certs_path):
+ if ca_certs_path and os.path.exists(ca_certs_path):
return ca_certs_path
return fallback
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list