use pycurl instead of urllib2 when talking to launchpad to actually get SSL cert verification, see https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/915210 or CVE-2011-4407 for a previous similar issue in software-properties

library/packaging/apt_repository

@@ -67,7 +67,7 @@ import json
 import os
 import re
 import tempfile
-import urllib2
+import pycurl
 
 try:
     import apt_pkg
@@ -80,6 +80,12 @@ except ImportError:
 
 VALID_SOURCE_TYPES = ('deb', 'deb-src')
 
+class CurlCallback:
+    def __init__(self):
+        self.contents = ''
+
+    def body_callback(self, buf):
+        self.contents = self.contents + buf
 
 class InvalidSource(Exception):
     pass
@@ -250,8 +256,17 @@ class UbuntuSourcesList(SourcesList):
 
     def _get_ppa_info(self, owner_name, ppa_name):
         lp_api = 'https://launchpad.net/api/1.0/~%s/+archive/%s' % (owner_name, ppa_name)
-        connection = urllib2.urlopen(lp_api, timeout=30)
+        callback = CurlCallback()
-        return json.loads(connection.read())
+        curl = pycurl.Curl()
+        curl.setopt(pycurl.SSL_VERIFYPEER, 1)
+        curl.setopt(pycurl.SSL_VERIFYHOST, 2)
+        curl.setopt(pycurl.WRITEFUNCTION, callback.body_callback)
+        curl.setopt(pycurl.URL, str(lp_api))
+        curl.setopt(pycurl.HTTPHEADER, ["Accept: application/json"])
+        curl.perform()
+        curl.close()
+        lp_page = callback.contents
+        return json.loads(lp_page)
 
     def _expand_ppa(self, path):
         ppa = path.split(':')[1]