Created attachment 209050 [details] py-elasticsearch5-prepare-for-urllib3-1.25.patch Hi elastic@ team, attached is a patch that fixes the "verify_certs=False" behavior for net/py-urllib >= 1.25 because that version has SSL certificate verification enabled by default. The patch for "elasticsearch/connection/http_urllib3.py" was fixed by upstream in release 7.0.5 and was backported from there. This change needs also to be MFH'ed because the 1.25.x release of net/py-urllib3 is going to be merged into the 2019Q4 branch. QA: ~~~ - poudriere (11.3-RELEASE amd64) for each py27 + py36 flavor -> OK - "make test" without a ElasticSearch 5 server -> OK
A commit references this bug: Author: kai Date: Mon Nov 25 17:18:36 UTC 2019 New revision: 518410 URL: https://svnweb.freebsd.org/changeset/ports/518410 Log: textproc/py-elasticsearch5: Prepare for urllib3 >= 1.25 * Backport a patch from the 7.x branch of upstream repository that fixes a possible runtime issue with urllib3 1.25 [1] since that release verifies SSL certificates by default. Disabling SSL certificate verification via "verify_certs" in elasticsearch won't work then as expected thus set "cert_reqs=CERT_NONE" explicitly to restore that behavior. PR: 241875, 229322 [1] Approved by: maintainer timeout (elastic, 14 days) MFH: 2019Q4 Changes: head/textproc/py-elasticsearch5/Makefile head/textproc/py-elasticsearch5/files/patch-elasticsearch_connection_http__urllib3.py
MFH'ing the changes to the 2019Q4 branch is obsolete because the urllib 1.25.6 release didn't get the approval to land in that branch. Thus closing this PR as all required actions are done.