On 1/01/2015 8:22 PM, possnfiffer wrote: > I run FreeBSD 10.1-RELEASE x86_64. The last two updates for python2.7_2.2 I > saw were Dec 22nd and Oct 10 (I believe) the Dec update is where I started > having issues with my SABnzbdplus and SickBeard python scripts. > > I wrote the following in hopes that readers searching for a fix to https not > loading with your FreeBSD python scripts, like I was, will find the > following useful to get their systems in working order. > > Yo, > The latest version of python changed it's defaults and now it looks for CA > certificate in /etc/ssl/cert.pem >
More precisely, Python uses OpenSSL's SSL_CTX_load_verify_locations function to find certificates. It does not maintain a list of locations internally. For FreeBSD's base OpenSSL, this is /etc/ssl/cert.pem For FreeBSD's Ports OpenSSL, this is /usr/local/openssl/cert.pem I have opened a new issue to address Python (and other software) using OpenSSL from Ports here that has more detail here: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196431 Please add your +1 to it. Seriously. If you want to see Python (and other software) using OpenSSL from Base fixed, add your +1 to it, seriously: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=189811 The latter issue proposed to make the ETCSYMLINK option a default, so people using ports with default options, and those using packages can FINALLY get SSL certificate verification out of the box. ./koobs _______________________________________________ freebsd-python@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-python To unsubscribe, send any mail to "freebsd-python-unsubscr...@freebsd.org"
