[Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)
Barry Warsaw
barry at python.org
Mon Jun 3 19:04:07 CEST 2013
On Jun 03, 2013, at 02:21 PM, Donald Stufft wrote:
>The other additional comment I'd like to throw in here is that if we don't
>bundle SSL certs I think we should still verify by default (which means HTTPS
>urls will throw an error by default if we can't locate a certificate store)
>because I think the risk to people unknowingly thinking that their HTTPS urls
>are protected are significant enough that this "error" shouldn't be silent by
>default.
+1, especially if we ensure that the APIs are available to not verify, as is
currently the case with urlopen(). I don't think people will want to do that
in production, but it will be useful for testing (e.g. guess how I found
issues 17977 :).
-Barry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-dev/attachments/20130603/3f5d198e/attachment.pgp>
More information about the Python-Dev
mailing list