Message10233

Author zyasoft
Recipients zyasoft
Date 2015-09-04.17:54:02
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1441389242.69.0.935574924694.issue2390@psf.upfronthosting.co.za>
In-reply-to
Content 
After upgrading the current release of pip from the bundled wheel specific to Jython 2.7.0, we get problems like the following:

$ dist/bin/jython -m pip install nose
Collecting nose
/Users/jbaker/jythondev/jython27/dist/Lib/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:84: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
...

I should point out that Jython is in fact *secure*, and uses the CAs bundled as part of the Java release, so this is a false positive. But we can readily fix by supporting SSLContext. There are other advantages, including SSLContext avoids reading CA cert files on every verified SSL connection.
History
Date User Action Args
2015-09-04 17:54:02zyasoftsetmessageid: <1441389242.69.0.935574924694.issue2390@psf.upfronthosting.co.za>
2015-09-04 17:54:02zyasoftsetrecipients: + zyasoft
2015-09-04 17:54:02zyasoftlinkissue2390 messages
2015-09-04 17:54:02zyasoftcreate

Supported by Python Software Foundation,
Powered by Roundup