[issue10441] some stdlib modules need to be updated to handle SSL certificate validation
david
report at bugs.python.org
Thu Nov 18 17:34:22 CET 2010
david <db.pub.mail at gmail.com> added the comment:
On 19 November 2010 03:18, Martin v. Löwis <report at bugs.python.org> wrote:
>
> Martin v. Löwis <martin at v.loewis.de> added the comment:
>
>>> The best that could be done is to provide a configuration option (e.g.
>>> global variable) that should be treated as a default value, and then
>>> leave it to people distributing Python to fill out this variable in a
>>> sensible way.
>>
>> Actually, OpenSSL already does a similar thing (see issue10443).
>
> This may not be satisfying to users. For example, our Windows
> distribution doesn't ship with any certicates (AFAIK); I have no
> clue where exactly OpenSSL would be looking for them, either.
> People worried about this problem probably would want a way to
> fill the list of trusted CA certificates.
>
Martin does it matter?
To be honest I don't know about that many client side python windows
applications for which this is a problem for. Maybe I am mistaken. If
this is the case, then how do these projects work at the moment? (or
do they just not care about this...) . However, they could bundle
their own certificates, so I don't see this as an issue.
However, you seem confused here:
" I have no
> clue where exactly OpenSSL would be looking for them, either.
> People worried about this problem probably would want a way to
> fill the list of trusted CA certificates."
Erh, those people can already do this, but the problem is by default
none are selected.
IMHO something is probably better than nothing in this case(by default).
----------
title: some stdlib modules need to be updated to handle SSL certificate validation -> some stdlib modules need to be updated to handle SSL certificate validation
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue10441>
_______________________________________
More information about the Python-bugs-list
mailing list