[Python-checkins] peps: PEP 493: address review comments from Barry

nick.coghlan python-checkins at python.org
Wed Feb 24 01:30:09 EST 2016 

https://hg.python.org/peps/rev/56216b91fcf0
changeset:   6243:56216b91fcf0
user:        Nick Coghlan <ncoghlan at gmail.com>
date:        Wed Feb 24 16:29:59 2016 +1000
summary:
  PEP 493: address review comments from Barry

files:
  pep-0493.txt |  19 +++++++++++--------
  1 files changed, 11 insertions(+), 8 deletions(-)


diff --git a/pep-0493.txt b/pep-0493.txt
--- a/pep-0493.txt
+++ b/pep-0493.txt
@@ -118,16 +118,19 @@
 detecting them. Instead, they are designed to allow the presence
 or absence of the feature to be determined using the following technique::
 
-    python -c "import ssl; ssl._relevant_attribute"
+    python -c "import ssl; ssl.<_relevant_attribute>"
 
 This will fail with `AttributeError` (and hence a non-zero return code) if the
 relevant capability is not available.
 
+The feature detection attributes defined by this PEP are:
+
+* ``ssl._https_verify_certificates``: runtime configuration API
+* ``ssl._https_verify_envvar``: environment based configuration
+* ``ssl._cert_verification_config``: file based configuration (PEP 476 opt-in)
+
 The marker attributes are prefixed with an underscore to indicate the
-implementation dependent nature of these capabilities - not all Python
-distributions will offer them, only those that are providing a multi-stage
-migration process from the original Python 2.7 HTTPS handling to the new
-default behaviour.
+implementation dependent and security sensitive nature of these capabilities.
 
 
 Feature: Configuration API
@@ -186,7 +189,7 @@
 
 This change is proposed for inclusion in CPython 2.7.12 and later CPython 2.7.x
 releases. It consists of a new ``PYTHONHTTPSVERIFY`` environment variable that
-allows the default verification to be disabled without modifying the
+can be set to ``'0'`` to disable the default verification without modifying the
 application source code (which may not even be available in cases of
 bytecode-only application distribution)
 
@@ -285,7 +288,7 @@
 There's no specific attribute indicating that this situation applies. Rather,
 it is indicated by the ``ssl._https_verify_certificates`` and
 ``ssl._https_verify_envvar`` attributes being present in a Python version that
-is nominally older than Python 2.7.9.
+is nominally older than Python 2.7.12.
 
 Specification
 -------------
@@ -501,7 +504,7 @@
   verifying HTTPS certificates by default than that being provided by the
   upstream project
 * either the redistributor or the local infrastructure administrator has
-  determined that it is appropriate to retaing the default pre-2.7.9 behaviour
+  determined that it is appropriate to retain the default pre-2.7.9 behaviour
   (at least for the time being)
 
 Using an administrator controlled configuration file rather than an environment

-- 
Repository URL: https://hg.python.org/peps

More information about the Python-checkins mailing list