On 27 November 2015 at 18:47, Cory Benfield cory@lukasa.co.uk wrote:
Perhaps I missed this, Nick, but what happens if multiple third party libraries apply updates to call this function in incompatible ways? For example, if you depend on libfoo which calls ssl._verify_https_certificates(False) and libbar which calls ssl._verify_https_certificates(True)? Is it…last import wins?
Last import wins, but libaries shouldn't be mutating process global state as a side effect of import - like the sys module, the ssl module configuration should only be modified (directly or indirectly) from __main__.
Cheers, Nick.