Package: python3-debianbts
Version: 4.0.1
Tags: security

This module doesn't verify the server's TLS certificate:

   >>> import debianbts
   >>> debianbts.set_soap_location("https://self-signed.badssl.com")
   >>> debianbts.get_status(42)
   b'<html>\r\n<head><title>405 Not Allowed</title></head>\r\n<body bgcolor="white">\r\n<center><h1>405 Not Allowed</h1></center>\r\n<hr><center>nginx/1.10.3 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n'
   Traceback (most recent call last):
     ...
     File "<stdin>", line 1, in <module>
     File "/usr/lib/python3/dist-packages/debianbts/debianbts.py", line 240, in get_status
       reply = soap_client.call("get_status", method_el)
     File "/usr/lib/python3/dist-packages/pysimplesoap/client.py", line 257, in call
       response = SimpleXMLElement(self.xml_response, namespace=self.namespace,
     File "/usr/lib/python3/dist-packages/pysimplesoap/simplexml.py", line 56, in __init__
       self.__document = xml.dom.minidom.parseString(text)
     File "/usr/lib/python3.10/xml/dom/minidom.py", line 2000, in parseString
       return expatbuilder.parseString(string)
     File "/usr/lib/python3.10/xml/dom/expatbuilder.py", line 925, in parseString
       return builder.parseString(string)
     File "/usr/lib/python3.10/xml/dom/expatbuilder.py", line 223, in parseString
       parser.Parse(string, True)
   xml.parsers.expat.ExpatError: mismatched tag: line 6, column 2

The server in question doesn't have a valid certificate, so you should get a certificate error, not an XML parsing error.

For example, with urllib you get:

   >>> import urllib.request
   >>> urllib.request.urlopen("https://self-signed.badssl.com")
   Traceback (most recent call last):
     ...
   urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:997)>


-- System Information:
Architecture: i386

Versions of packages python3-debianbts depends on:
ii  python3-pysimplesoap  1.16.2-5
ii  python3               3.10.6-3

--
Jakub Wilk
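
Added example, not part of the original report and not code from python-debianbts or pysimplesoap: a small check, using only the standard library, that a client's SSLContext will reject a certificate like the one above, plus a probe that separates "certificate rejected" from "TLS accepted, HTTP or XML error followed". The function names audit_context, classify_error and probe are hypothetical.

```python
import ssl
import urllib.error
import urllib.request


def audit_context(ctx):
    """Return the reasons this SSLContext would accept an untrusted server."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("verify_mode is %s, not CERT_REQUIRED" % ctx.verify_mode.name)
    if not ctx.check_hostname:
        problems.append("check_hostname is disabled")
    return problems


def classify_error(exc):
    """Map a urllib/ssl failure to 'cert-rejected' or 'other-error'."""
    # URLError wraps the underlying socket/ssl exception in .reason
    reason = getattr(exc, "reason", exc)
    if isinstance(reason, ssl.SSLCertVerificationError):
        return "cert-rejected"
    return "other-error"


def probe(url, ctx=None, timeout=10):
    """Fetch url and report whether the TLS layer accepted the peer.

    'accepted' for a host with an invalid certificate is the behaviour
    reported above; a verifying client returns 'cert-rejected'.
    """
    ctx = ctx or ssl.create_default_context()
    try:
        urllib.request.urlopen(url, context=ctx, timeout=timeout).close()
    except urllib.error.HTTPError:
        # Handshake completed; the server answered with an HTTP error (e.g. 405).
        return "accepted"
    except (urllib.error.URLError, ssl.SSLError) as exc:
        return classify_error(exc)
    return "accepted"


if __name__ == "__main__":
    # The default context is expected to report no problems.
    print(audit_context(ssl.create_default_context()))
```

With network access, probe("https://self-signed.badssl.com") should return "cert-rejected" when the default context is used.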
