[Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)

[Chris Angelico]

On Tue, Jun 4, 2013 at 9:15 AM, Donald Stufft <donald at stufft.io> wrote:
> Generally any of these will be completely valid options, even disabling the
> checks. The idea behind my proposal is that people generally only use TLS
> for a reason and that reason is they want to protect against the kinds of
> attacks that TLS protects against. You really only get the bulk of those
> protections if you validate the certificates. So for the vast bulk of people
> validation is the option they want. It also happens that validation on by
> default is "secure" by default which aims a fairly large foot gun away from
> peoples feet.

Yep. I absolutely agree, and if Python had been like this ever since
3.0, there would be no issue whatsoever. The only problem is that it's
going to trip up people who have otherwise-working code that gets
broken by a change of Python version. The problem isn't even in their
code, it's in the remote end. I support making the change, but all of
the solutions you propose require being aware of the problem. Somehow
people will need to be told, preferably before it breaks something,
that the default has changed.

ChrisA