On 31 August 2014 21:15, Antoine Pitrou email@example.com wrote:
What do you call your local cert store?
I was referring to Christian's comment
It's very simple to trust a self-signed certificate: just download it and stuff it into the trust store.
From his recent response, I guess he meant the system store, and he
agrees that this is a bad option.
OK, that's fair, but:
a) Is there really no OS-level personal trust store? I'm thinking of Windows here for my own personal use, but the same question applies elsewhere. b) I doubt my confusion over Christian's response is atypical. Based on what he said, if we hadn't had the subsequent discussion, I would probably have found a way to add a cert to "the store" without understanding the implications. While it's not Python's job to educate users, it would be a shame if its default behaviour led people to make ill-informed decisions.
Maybe an SSL HOWTO would be a useful addition to the docs, if anyone feels motivated to write one.
Regardless, thanks for the education!