[issue11357] Add support for PEP 381 -- Mirror Authenticity
Alexis Metaireau
report at bugs.python.org
Tue Mar 1 16:44:58 CET 2011
Alexis Metaireau <alexis at notmyidea.org> added the comment:
Antoine Pitrou on #python-dev made interesting remarks about the validation:
16:19 < __ap__> hmm the way the patch does validation is bogus
16:22 < __ap__> because it opens the URL a first time, validates it,
then opens it a second time with urlopen()
16:22 < __ap__> without verifying the certificate on the second time
16:23 < __ap__> it should do the validation directly with urlopen()
16:23 < __ap__> (which probably requires defining a custom HTTPSHandler)
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue11357>
_______________________________________
More information about the Python-bugs-list
mailing list