Jan. 22, 2014
11 a.m.
Donald Stufft <donald <at> stufft.io> writes:
I would like to propose that a backwards incompatible change be made to Python to make verification of hostname and certificate chain the default instead of requiring it to be opt in.
I'm overwhelmingly, dramatically +1 on this. There's no good architectural reason to not use the built-in certificate chains by default. I'd like to be in favour of backporting this change to earlier Python versions as well, but it feels too aggressive, even to me.