On 19 October 2013 22:44, Christian Heimes <christian@python.org> wrote:
Am 19.10.2013 00:56, schrieb Guido van Rossum: A couple of months I had a long and fruitful discussion with MAL about the issue. Egenix PyOpenSSL installer comes with a root CA bundle. He tried a couple of approaches to handle trust settings with OpenSSL means. Eventually MAL had to split up the bundle into multiple files for each purpuse, see http://www.egenix.com/company/news/eGenix-pyOpenSSL-Distribution-0.13.2.1.0....
We should *really* write a PEP about it, specify all details and get a proper review from real experts. This stuff is super complex and highly fragile. :(
At the very least, it would be good if you and/or MAL could review the cert verification in pip. PEP 453 makes that kinda important :) Cheers, Nick. -- Nick Coghlan | ncoghlan@gmail.com | Brisbane, Australia