[New-bugs-announce] [issue13655] Python SSL stack doesn't have a default CA Store
report at bugs.python.org
Fri Dec 23 11:18:54 CET 2011
New submission from naif <naif at globaleaks.org>:
For the certificate store:
Can we eventually agree to bind a default CA-store to a Mozilla verified one?
Mozilla, in handling Firefox, does a great job in keeping the CA-store up-to-date.
Integrating the default Mozilla CA-store with Python builds could be a nice way; it's just a matter of integrating into the build-system the download/fetching of the default Mozilla store.
At least the language bases its default on a trusted entity to manage, cross-platform, the CA-store for TLS/SSL.
The maintenance of the CA-store would be delegated to Mozilla, which has been demonstrated to be independent and very security conscious, removing dirty CA-store (like Diginotar after Iranian compromise).
That way 90% of cases of SSL/TLS certificate validation will be managed and by default it would be possible to enable secure SSL/TLS client checking like described in http://bugs.python.org/issue13647 .
components: Library (Lib)
title: Python SSL stack doesn't have a default CA Store
versions: Python 2.6, Python 2.7, Python 3.1, Python 3.2, Python 3.3, Python 3.4
Python tracker <report at bugs.python.org>
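
The gap this report describes, as an added example that is not part of the original submission or of the Python project's code: a client context can request strict verification and still authenticate nothing if no CA store is loaded. It assumes the `ssl.SSLContext` API of current Python 3 releases, which the report does not mention; the function names and the `cafile` argument are hypothetical.

```python
import ssl


def trust_findings(ctx):
    """List the settings that stop this client context from authenticating a server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: any certificate is accepted")
    if not ctx.check_hostname:
        findings.append("check_hostname is off: a certificate for another host is accepted")
    return findings


def loaded_ca_count(ctx):
    # CA certificates already parsed into the context. Certificates in a
    # capath directory are loaded lazily and are not counted until used.
    return ctx.cert_store_stats()["x509_ca"]


def unverified_context():
    """Weak setting: the handshake succeeds against any server certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before CERT_NONE can be set
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def empty_store_context():
    """Strict settings but no trust anchors: every handshake fails verification."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)


def verifying_context(cafile=None):
    """Strict settings plus a CA store: an explicit PEM bundle, or the platform default."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cafile:
        ctx.load_verify_locations(cafile=cafile)  # e.g. a bundle built from Mozilla's list
    else:
        ctx.load_default_certs()  # whatever store the platform provides, if any
    return ctx


if __name__ == "__main__":
    for build in (unverified_context, empty_store_context, verifying_context):
        ctx = build()
        print(build.__name__, loaded_ca_count(ctx), trust_findings(ctx))
```

On a host whose default store is a certificate directory, `loaded_ca_count` can report 0 for `verifying_context()` until a handshake has pulled certificates in, so treat a zero count as a prompt to check `ssl.get_default_verify_paths()` rather than as proof of an empty store.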