On Fri, 29 Aug 2014 17:11:35 -0400, Donald Stufft email@example.com wrote:
> Sorry I was on my phone and didn’t get to fully reply to this.
>
> On Aug 29, 2014, at 4:00 PM, M.-A. Lemburg firstname.lastname@example.org wrote:
>
>> It would be good to be able to switch this on or off without having to change the code, e.g. via a command line switch and environment variable; perhaps even controlling whether or not to raise an exception or warning.
>
> I’m on the fence about this, if someone provides a certificate that we can validate against (which can be done without touching the code) then the only thing that really can’t be “fixed” without touching the code is if someone has a certificate that is otherwise invalid (expired, not yet valid, wrong hostname, etc). I’d say if I was voting on this particular thing I’d be -0, I’d rather it didn’t exist but I wouldn’t cry too much if it did.

Especially if you want an accelerated change, there must be a way to *easily* get back to the previous behavior, or we are going to catch a lot of flak. There may be only 7% of public certs that are problematic, but I'd be willing to bet you that there are more not-really-public ones that are critical to day-to-day operations *somewhere* :)
wget and curl have 'ignore validation' as a command line flag for a reason.
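
The two escape hatches discussed in this thread, as an added example that is not part of the original messages and is not CPython's own code: a trust anchor supplied from outside the code, and an explicit off switch that warns. `EXAMPLE_HTTPS_VERIFY` and `EXAMPLE_HTTPS_CAFILE` are hypothetical variable names invented here.

```python
import os
import ssl
import warnings

# Hypothetical variable names, invented for this example.
VERIFY_ENV = "EXAMPLE_HTTPS_VERIFY"   # "enforce" (default) or "off"
CAFILE_ENV = "EXAMPLE_HTTPS_CAFILE"   # path to an extra PEM trust anchor


def context_from_env(environ=None):
    """Return (SSLContext, mode) chosen by the environment; verifies by default."""
    environ = os.environ if environ is None else environ
    mode = environ.get(VERIFY_ENV, "enforce").strip().lower()
    if mode not in ("enforce", "off"):
        # Unknown values fail closed instead of silently weakening TLS.
        raise ValueError(f"{VERIFY_ENV} must be 'enforce' or 'off', got {mode!r}")

    # Secure default: chain validation plus hostname matching.
    ctx = ssl.create_default_context()

    cafile = environ.get(CAFILE_ENV)
    if cafile:
        # Private CA or self-signed cert: add it as a trust anchor so
        # validation stays on. A missing file raises OSError.
        ctx.load_verify_locations(cafile=cafile)

    if mode == "off":
        # check_hostname must be cleared before verify_mode can be CERT_NONE.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        warnings.warn(
            f"{VERIFY_ENV}=off: HTTPS certificates are not being validated",
            RuntimeWarning,
            stacklevel=2,
        )
    return ctx, mode


if __name__ == "__main__":
    ctx, mode = context_from_env()
    print(mode, ctx.verify_mode, ctx.check_hostname)
```

The CA-file path keeps `CERT_REQUIRED` and hostname checking in force, so the off switch is only needed for certificates that are otherwise invalid (expired, not yet valid, wrong hostname).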