[Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)

Barry Warsaw barry at python.org
Mon Jun 3 18:36:36 CEST 2013

On Jun 03, 2013, at 01:20 AM, Donald Stufft wrote:

>So I would like to propose that CPython adopt the Mozilla SSL certificate
>list and include it in core, and switch over the API's so that they verify
>HTTPS by default. This is what most people are going to expect when using a
>https url (Especially after learning that Python 2.x doesn't verify TLS, but
>Python 3.x "does").

For the "verify HTTPS by default", do you mean specifically changing the
cadefault argument to urllib.request.urlopen() to True?  Note that I recently
closed a bug related to this:


+1 for changing the default to True.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-dev/attachments/20130603/8fb02bfe/attachment.pgp>

More information about the Python-Dev mailing list