[New-bugs-announce] [issue10795] standard library do not use ssl as recommended

Mads Kiilerich report at bugs.python.org
Thu Dec 30 02:42:40 CET 2010

New submission from Mads Kiilerich <mads at kiilerich.com>:

As discussed on issue1589 it is now possible to create decent ssl connections with the ssl module - assuming ca_certs is specified and it is checked that the certificates matches.

The standard library do however neither do that nor make it possible to do it in the places where it uses ssl. For example smtplib starttls do not make it possible at all to specify ca_certs.

I suggest all uses of ssl should be reviewed - and fixed if necessary. The documentation should also be improved to make it clear what is necessary to create "secure" connections.

components: Library (Lib)
messages: 124898
nosy: kiilerix, pitrou
priority: normal
severity: normal
status: open
title: standard library do not use ssl as recommended
versions: Python 2.7

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list