[pypy-dev] Validate SSL/TLS

Donald Stufft donald at stufft.io
Thu Jan 23 16:17:35 CET 2014 

Apologies as I’ve just recently sub’d to pypy-dev so I don’t know it’s normal
speed and such.

Is there enough here that a patch to do (a) would be a reasonable next step?

On Jan 22, 2014, at 12:45 PM, Donald Stufft <donald at stufft.io> wrote:

> 
> On Jan 22, 2014, at 12:40 PM, Alex Gaynor <alex.gaynor at gmail.com> wrote:
> 
>> (a) is a no brainer to me, there's no backwards compatibility concerns here, right?
> 
> Not with PyPy itself, it’d obviously be a difference from CPython itself (you’d need some sort of boolean toggle to turn it on and off that wouldn’t expect in CPython 2.7) but that could default to False and if someone doesn’t use it they’d get the same behavior as previous versions of PyPy and the same as CPython 2.7.
> 
> Obviously if they did use it then their code would only run on PyPy.
> 
>> 
>> I'm +1 on (b) as well, but let's get (a) done first. I think we need to be being proactive in protecting our users, and the fact that CPython's core devs are playing fast and loose with security (particular on Py2) is no excuse.
>> 
>> Alex
>> 
>> 
>> On Wed, Jan 22, 2014 at 11:37 AM, Donald Stufft <donald at stufft.io> wrote:
>> Hey there!
>> 
>> So I’d like SSL/TLS in Python to be better and at the prompting of Alex I’m opening this thread to discuss the possibility of incorporating some of these changes into PyPy.
>> 
>> Basically it boils down to is PyPy willing to:
>> 
>> a) Have SSL hostname validation back ported to it
>> b) Have that turned on by default
>> 
>> -----------------
>> Donald Stufft
>> PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
>> 
>> 
>> _______________________________________________
>> pypy-dev mailing list
>> pypy-dev at python.org
>> https://mail.python.org/mailman/listinfo/pypy-dev
>> 
>> 
>> 
>> 
>> -- 
>> "I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
>> "The people's good is the highest law." -- Cicero
>> GPG Key fingerprint: 125F 5C67 DFE9 4084
> 
> 
> -----------------
> Donald Stufft
> PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA


-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/pypy-dev/attachments/20140123/4b9513a9/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/pypy-dev/attachments/20140123/4b9513a9/attachment-0001.sig>

More information about the pypy-dev mailing list