What steps will reproduce the problem? 1. A client which uses httplib2

https://github.com/openstack/python-neutronclient/blob/quantumclient/quantumclient/client.py#L102

2. The client is used inside a django app

https://github.com/openstack/horizon/blob/stable/grizzly/openstack_dashboard/api/cinder.py#L54

What is the expected output? What do you see instead?

Apache is unable to read cacerts.txt which contains the wrong permissions, and returning:

[Tue Aug 06 14:19:49 2013] [error] \x1b[31;1mRecoverable error: [Errno 185090050] _ssl.c:340: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib\x1b[0m

$ ls -l /usr/local/lib/python2.7/dist-packages/httplib2/cacerts.txt -rw-r----- 1 root staff 39670 Jul 29 18:05 /usr/local/lib/python2.7/dist-packages/httplib2/cacerts.txt

What version of the product are you using? On what operating system?

• Ubuntu 12.04
• Python 2.7.3
• python-httplib2 0.7.2-1ubuntu2

Here is a snip from stracing apache.

open("/usr/local/lib/python2.7/dist-packages/httplib2/cacerts.txt", O_RDONLY) = -1 EACCES (Permission denied)

This problem occurs when installing via pip.

Same here but on FreeBSD. Just installed the port with portinstall and had the exact same problem. It is not the only file in the directory with 640 permissions. Also PKG-INFO, SOURCES.txt, dependency_links.txt and top-level.txt have the same problem.

It looks like this might be related to installing with sudo. I'm currently pretty ignorant of umasks (and my tests of the behaviour have seemed inconsistent with this) so this might be wrong, but apparently the user umask, which sudo does not make less restrictive, is by default more restrictive than the root one. That would make this a general installer problem that's not specific to this project. See http://stackoverflow.com/questions/11161776/pip-inconsistent-permissions-issues

In my case (installing on FreeBSD via portinstall) sudo was not used, but rather a plain root login. So while sudo might cause its own set of problems it was not the cause in this case.

Btw this problem no longer exists on FreeBSD since it was fixed on

http://svnweb.freebsd.org/ports?view=revision&revision=332074

So back to pip installation problems.

I ran into the same problem on an Ubuntu server, I installed it using "setup.py develop". The file is owned by the user that did the install (ubuntu) but we run the web server as a different user (www-data) who can't read this cacerts.txt file.