-----Original Message----- From: Python-Dev [mailto:python-dev- bounces+kristjan=ccpgames.com@python.org] On Behalf Of Nick Coghlan Sent: Wednesday, January 22, 2014 19:45 To: Paul Moore Cc: Python-Dev Subject: Re: [Python-Dev] Enable Hostname and Certificate Chain Validation Right, the browsers have a whole system of "click through" security to make the web (and corporate intranets!) still usable even when they only accept CA signed certs by default. With a programming language, there's no such interactivity, so applications just break and users don't know why.
If not already possible, I suggest that we allow the use of a certificate validation callback (it isn't possible for 2.7, I just hacked in one yesterday to allow me to ignore out-date-failure for certificates.) Using this, it would be possible to e.g. emit warnings when certificiate failures occur, rather than deny connection outright. K