Re: [dev-servo] RFC: Require Python 2.7.9+ (for TLS Server Name Indication)

2017-10-22 Thread Dirkjan Ochtman
On Fri, Oct 20, 2017 at 7:45 PM, Simon Sapin wrote:
> However the cafile parameter of urllib2.urlopen() is new in 2.7.9 and I don’t know how to feature-test that without making a call and catching some exceptions, but that seems fragile. We’re not using the ssl module directly.
> Could try s

Re: [dev-servo] RFC: Require Python 2.7.9+ (for TLS Server Name Indication)

2017-10-20 Thread Simon Sapin
On 19/10/2017 17:40, Gregory Szorc wrote: CERTIFICATE_VERIFY_FAILED likely means there is no trust chain on the client for the server x509 certificate. My guess is the Amazon root CA isn't in the trusted root CA certificates list on that Windows builder. You can verify this by temporarily disabli

Re: [dev-servo] RFC: Require Python 2.7.9+ (for TLS Server Name Indication)

2017-10-19 Thread Gregory Szorc
On Thu, Oct 19, 2017 at 4:38 PM, Simon Sapin wrote:
> On 18/10/2017 22:37, Gregory Szorc wrote:
>
>> The latter merely requires an up-to-date trusted CA certificate roots bundle for x509 certificate verification (assuming the client does certificate validation properly - which older version

Re: [dev-servo] RFC: Require Python 2.7.9+ (for TLS Server Name Indication)

2017-10-19 Thread Simon Sapin
On 18/10/2017 22:37, Gregory Szorc wrote: The latter merely requires an up-to-date trusted CA certificate roots bundle for x509 certificate verification (assuming the client does certificate validation properly - which older versions of Python don't unless configured to do so - Python's default s

Re: [dev-servo] RFC: Require Python 2.7.9+ (for TLS Server Name Indication)

2017-10-18 Thread Simon Sapin
On 18/10/2017 22:37, Gregory Szorc wrote:
On Wed, Oct 18, 2017 at 10:01 PM, Simon Sapin wrote:

    try:
        from ssl import HAS_SNI
    except ImportError:
        HAS_SNI = False

[…] https://static-rust-lang-org.s3.amazonaws.com/ is what we use at the moment. I’ve updated https:

Re: [dev-servo] RFC: Require Python 2.7.9+ (for TLS Server Name Indication)

2017-10-18 Thread Gregory Szorc
On Wed, Oct 18, 2017 at 10:01 PM, Simon Sapin wrote:
> On 18/10/2017 21:09, Gregory Szorc wrote:
>
>> Having somewhat recently overhauled Mercurial’s TLS code, I can tell you that Python installs without the ssl module additions added in 2.7.9 are still quite common in the wild. I suspect t

Re: [dev-servo] RFC: Require Python 2.7.9+ (for TLS Server Name Indication)

2017-10-18 Thread Simon Sapin
On 18/10/2017 21:09, Gregory Szorc wrote: Having somewhat recently overhauled Mercurial’s TLS code, I can tell you that Python installs without the ssl module additions added in 2.7.9 are still quite common in the wild. I suspect that requiring SNI support in the Python client will draw ire from

Re: [dev-servo] RFC: Require Python 2.7.9+ (for TLS Server Name Indication)

2017-10-18 Thread Gregory Szorc
> On Oct 18, 2017, at 20:31, Simon Sapin wrote:
>
> Servo downloads appropriate versions of Rust and Cargo using Python’s urllib2. At some point, https://static.rust-lang.org started requiring TLS SNI (I think when it moved to a CDN?) and we had issues with downloads failing on CI or o

Re: [dev-servo] RFC: Require Python 2.7.9+ (for TLS Server Name Indication)

2017-10-18 Thread Jack Moffitt
Can we make the script fail with an error if they don't have the right version? Maybe with --use-older-python-and-pray they can use to try anyway. If we just warn they are likely to miss the warning and just notice it doesn't work, whereas if we fail first, they'll at least know something is wrong,