[Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)

Barry Warsaw barry at python.org
Mon Jun 3 18:52:00 CEST 2013

On Jun 03, 2013, at 03:12 AM, Donald Stufft wrote:

>That's fine with me too. My only reason for wanting to use the system certs
>first is so if someone has modified their system certs (say to include a
>corporate cert) that it would ideally take affect for Python as well.

This reminds me of one other thing.  We have to make sure that the APIs
(e.g urlopen()) continue to allow us to use self-signed certificates, if for
no other reason than for testing purposes.  OTOH, taking this away would be a
backward incompatible change in API so probably wouldn't happen anyway.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-dev/attachments/20130603/d930edbe/attachment.pgp>

More information about the Python-Dev mailing list