bzr pull does not remember urllib links
Bug #924727 reported by
Klemens Schindler
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Bazaar |
Confirmed
|
Medium
|
Unassigned |
Bug Description
When doing a checkout or branch of a https+urllib://... location, future pull commads use https://... (using CURL).
I would expect that the original transport method (https+urllib) would be used for future pull commands. As a workaround I now always have to type the full https+urllib://... when doing pulls.
The reason why it is important to use urllib is that I use bzr-svn and our company has a self-signed certificate. Somehow, when using CURL, the self-signed certificate is not accepted. Additionally I prefer urllib because it seems to be faster than CURL.
tags: | added: check-for-breezy |
To post a comment you must log in.
Short answer: uninstall pycurl.
Longer answer:
bzr < 2.5 urllib implementation does not verify certificates (including
self-signed ones).
http:// pad.lv/ 651161 (part of 2.5b6) implements certificate verification pad.lv/ 920455 (part of 2.5b6) provide sane defaults for CAs
http://
So starting with bzr-2.5b6 you'll be able to use two options to control the
certificate verification:
- ssl.cert_reqs:
Whether to require a certificate from the remote side. (default:required)
Possible values:
* none: Certificates ignored
* required: Certificates required and validated
- ssl.ca_certs:
Path to certification authority certificates to trust.
This should be a valid path to a bundle containing all root Certificate
Authorities used to verify an https server certificate.
Use ssl.cert_reqs=none to disable certificate verification.
So to allow a connection to a self-signed server to succeed you can use:
bzr pull -Ossl.cert_ reqs=None
You may want to define an alias for that if you need both secure and
unsecure https access.
or set ``ssl.ca_certs`` to the path of your server certificate.
http:// pad.lv/ 924220, once fixed patches welcome ;), will allow setting
these options on a per-host basis.
I'll mark this bug as a dupe of 924220, please comment if you find it inappropriate.