[issue19508] Add warning that Python doesn't verify SSL certs by default

Christian Heimes report at bugs.python.org
Tue Nov 5 23:52:08 CET 2013


New submission from Christian Heimes:

Developers are still surprised that Python's ssl library doesn't validate SSL certs by default. We should add a *big* warning to the SSL module as well as to all consumers (http, ftp, imap, pop, smtp, nntp ...) that neither the CA cert chain nor the hostname is validated by default. (AFAIK only http.client does match_hostname()).

----------
assignee: docs at python
components: Documentation
messages: 202245
nosy: christian.heimes, docs at python, giampaolo.rodola, janssen, pitrou
priority: high
severity: normal
stage: needs patch
status: open
title: Add warning that Python doesn't verify SSL certs by default
type: enhancement
versions: Python 2.7, Python 3.2, Python 3.3, Python 3.4

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue19508>
_______________________________________
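
The two gaps named in the report above (CA chain and hostname), as an added example that is not part of the original message or of CPython: a helper that audits a client-side SSLContext for both checks, run against a context configured the way the report describes and against a verifying one. The function names are hypothetical, and the code assumes Python 3.6 or later (ssl.PROTOCOL_TLS_CLIENT and ssl.create_default_context()).

```python
import ssl


def audit_context(ctx):
    """Return a list of validation gaps for a client-side SSLContext."""
    findings = []
    # Without CERT_REQUIRED the peer certificate chain is not enforced,
    # so any certificate (self-signed, expired, wrong issuer) is accepted.
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("CA chain not verified (verify_mode=%s)" % ctx.verify_mode.name)
    # Without check_hostname a valid certificate for any other host is accepted.
    if not ctx.check_hostname:
        findings.append("hostname not checked (check_hostname=False)")
    return findings


def legacy_style_context():
    """Context with the settings the report describes: nothing is validated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verified_context():
    """Context that validates both the chain and the hostname."""
    return ssl.create_default_context()


def harden(ctx):
    """Turn on both checks on an existing client context and load system CAs."""
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.load_default_certs()
    return ctx


if __name__ == "__main__":
    for name, ctx in [("legacy-style", legacy_style_context()),
                      ("default", verified_context()),
                      ("hardened", harden(legacy_style_context()))]:
        gaps = audit_context(ctx)
        print(name, "->", gaps if gaps else "chain and hostname are validated")
```

A context that passes the audit still needs server_hostname passed to wrap_socket() so that there is a name to check the certificate against.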

