[Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)

Chris Angelico rosuav at gmail.com
Mon Jun 3 22:05:01 CEST 2013


On Tue, Jun 4, 2013 at 4:56 AM, Ethan Furman <ethan at stoneleaf.us> wrote:
> On 06/03/2013 11:34 AM, Antoine Pitrou wrote:
>>
>> On Mon, 3 Jun 2013 14:12:34 -0400
>> Donald Stufft wrote:
>>>
>>>
>>> I worry with the current situation people will just use TLS connections
>>> without realizing it's not being verified and thinking they are "safe".
>>
>>
>> Yet there's quite a visible warning in the docs:
>> http://docs.python.org/dev/library/urllib.request.html
>
>
> As has been mentioned elsewhere, at the very least we should change
> cadefault to True for secure-type connections.  The dangerous/unexpected
> behavior should not be the default.

+1 for having the default be safe, but this will have to be very
loudly announced ("when migrating from 3.3 to 3.4, TLS connections
will cease to work if blah blah"). Some legit sites with proper
certificates still manage to muck something up administratively
(developer.quicksales.com.au has a cert from RapidSSL but doesn't
bundle the intermediates, and I've told their devs about it, but all I
can do is disable cert checking). This will break code in ways that
will surprise people greatly. But I'd still rather the default be
True.

ChrisA

