[Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)
barry at python.org
Mon Jun 3 18:36:36 CEST 2013
On Jun 03, 2013, at 01:20 AM, Donald Stufft wrote:
>So I would like to propose that CPython adopt the Mozilla SSL certificate
>list and include it in core, and switch over the API's so that they verify
>HTTPS by default. This is what most people are going to expect when using a
>https url (Especially after learning that Python 2.x doesn't verify TLS, but
>Python 3.x "does").
For the "verify HTTPS by default", do you mean specifically changing the
cadefault argument to urllib.request.urlopen() to True? Note that I recently
closed a bug related to this:
+1 for changing the default to True.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: not available
More information about the Python-Dev