[Python-checkins] peps: PEP 493: address review comments from Barry
nick.coghlan
python-checkins at python.org
Wed Feb 24 01:30:09 EST 2016
https://hg.python.org/peps/rev/56216b91fcf0
changeset: 6243:56216b91fcf0
user: Nick Coghlan <ncoghlan at gmail.com>
date: Wed Feb 24 16:29:59 2016 +1000
summary:
PEP 493: address review comments from Barry
files:
pep-0493.txt | 19 +++++++++++--------
1 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/pep-0493.txt b/pep-0493.txt
--- a/pep-0493.txt
+++ b/pep-0493.txt
@@ -118,16 +118,19 @@
detecting them. Instead, they are designed to allow the presence
or absence of the feature to be determined using the following technique::
- python -c "import ssl; ssl._relevant_attribute"
+ python -c "import ssl; ssl.<_relevant_attribute>"
This will fail with `AttributeError` (and hence a non-zero return code) if the
relevant capability is not available.
+The feature detection attributes defined by this PEP are:
+
+* ``ssl._https_verify_certificates``: runtime configuration API
+* ``ssl._https_verify_envvar``: environment based configuration
+* ``ssl._cert_verification_config``: file based configuration (PEP 476 opt-in)
+
The marker attributes are prefixed with an underscore to indicate the
-implementation dependent nature of these capabilities - not all Python
-distributions will offer them, only those that are providing a multi-stage
-migration process from the original Python 2.7 HTTPS handling to the new
-default behaviour.
+implementation dependent and security sensitive nature of these capabilities.
Feature: Configuration API
@@ -186,7 +189,7 @@
This change is proposed for inclusion in CPython 2.7.12 and later CPython 2.7.x
releases. It consists of a new ``PYTHONHTTPSVERIFY`` environment variable that
-allows the default verification to be disabled without modifying the
+can be set to ``'0'`` to disable the default verification without modifying the
application source code (which may not even be available in cases of
bytecode-only application distribution)
@@ -285,7 +288,7 @@
There's no specific attribute indicating that this situation applies. Rather,
it is indicated by the ``ssl._https_verify_certificates`` and
``ssl._https_verify_envvar`` attributes being present in a Python version that
-is nominally older than Python 2.7.9.
+is nominally older than Python 2.7.12.
Specification
-------------
@@ -501,7 +504,7 @@
verifying HTTPS certificates by default than that being provided by the
upstream project
* either the redistributor or the local infrastructure administrator has
- determined that it is appropriate to retaing the default pre-2.7.9 behaviour
+ determined that it is appropriate to retain the default pre-2.7.9 behaviour
(at least for the time being)
Using an administrator controlled configuration file rather than an environment
--
Repository URL: https://hg.python.org/peps
More information about the Python-checkins
mailing list