[issue10441] some stdlib modules need to be updated to handle SSL certificate validation

Antoine Pitrou report at bugs.python.org
Thu Nov 18 17:48:47 CET 2010

Antoine Pitrou <pitrou at free.fr> added the comment:

> > This may not be satisfying to users. For example, our Windows
> > distribution doesn't ship with any certicates (AFAIK); I have no
> > clue where exactly OpenSSL would be looking for them, either.
> > People worried about this problem probably would want a way to
> > fill the list of trusted CA certificates.

Right, this is just a helper in case OpenSSL is configured correctly by
the OS vendor (the OpenSSL packaged by Linux distros usually is).

> Erh, those people can already do this, but the problem is by default
> none are selected.
> IMHO something is probably better than nothing in this case(by default).

We can't change anything *by default* since it would break
compatibility. We can just provide helpers and arguments to make it easy
to switch to a more "secure" behaviour (for some meaning of secure).


Python tracker <report at bugs.python.org>

More information about the Python-bugs-list mailing list