[issue10441] some stdlib modules need to be updated to handle SSL certificate validation

david report at bugs.python.org
Sun Nov 21 11:13:06 CET 2010


david <db.pub.mail at gmail.com> added the comment:

On 21 November 2010 20:50, Martin v. Löwis <report at bugs.python.org> wrote:
>
> Martin v. Löwis <martin at v.loewis.de> added the comment:
>
>> So for python3 is it possible to make attempting to use capath(some
>> common ones OR the openssl location capath if this is ok for use) the
>> default(with failure to find a valid capath result in an exception
>> being raised) ?
>
> The default? That would be an incompatible change, and cause many
> complaints. So I'm very skeptical that this can be done.
>
> Having applications/scripts explicitly opt-in to a default CA
> certificate list would be an option (then making those applications
> break in installations where the default CA list is empty).

"Errors should never pass silently."
IMHO it is an error not to check by default.
No it wouldn't break anything that shouldn't break.
Users can then pass in None for the capath (as an example).

----------
title: some stdlib modules need to be updated to handle SSL	certificate validation -> some stdlib modules need to be updated to handle SSL certificate validation

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue10441>
_______________________________________


More information about the Python-bugs-list mailing list