[issue13856] xmlrpc / httplib changes to allow for certificate verification
Senthil Kumaran
report at bugs.python.org
Mon Jan 30 00:55:29 CET 2012
Senthil Kumaran <senthil at uthcode.com> added the comment:
On Sun, Jan 29, 2012 at 10:30:45PM +0000, Antoine Pitrou wrote:
>
> Well, if you are a security expert you can volunteer to maintain a
> trusted certificates' file in the Python repository :) I think
> nobody else amongst us is qualified.
:-) haha. Neither am I (and I didn't figure out immediately that,
that's the requirement to go forward, so definitely not the person.)
But given that curl [1] has adopted the approach the user will know
where the CA cert will be and let's the user specify the details, I
wondered if the just having the provision to give ca_cert details is a
good thing.
Yeah, I recollect a discussion that there is not a standard
file-system path where OS store the certs and relying on them is not a
good idea.
[1] http://curl.haxx.se/docs/sslcerts.html
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13856>
_______________________________________
More information about the Python-bugs-list
mailing list