[Python-Dev] PEP 476: Enabling certificate validation by default!
mal at egenix.com
Fri Aug 29 22:00:00 CEST 2014
On 29.08.2014 21:47, Alex Gaynor wrote:
> Hi all,
> I've just submitted PEP 476, on enabling certificate validation by default for
> HTTPS clients in Python. Please have a look and let me know what you think.
> PEP text follows.
Thanks for the PEP. I think this is generally a good idea,
but some important parts are missing from the PEP:
* transition plan:
I think starting with warnings in Python 3.5 and going
for exceptions in 3.6 would make a good transition
Going straight for exceptions in 3.5 is not in line with
our normal procedures for backwards incompatible changes.
It would be good to be able to switch this on or off
without having to change the code, e.g. via a command
line switch and environment variable; perhaps even
controlling whether or not to raise an exception or
* choice of trusted certificate:
Instead of hard wiring using the system CA roots into
Python it would be good to just make this default and
permit the user to point Python to a different set of
This would enable using self signed certs more easily.
Since these are often used for tests, demos and education,
I think it's important to allow having more control of
the trusted certs.
Professional Python Services directly from the Source (#1, Aug 29 2014)
>>> Python Projects, Consulting and Support ... http://www.egenix.com/
>>> mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
2014-08-27: Released eGenix PyRun 2.0.1 ... http://egenix.com/go62
2014-09-19: PyCon UK 2014, Coventry, UK ... 21 days to go
2014-09-27: PyDDF Sprint 2014 ... 29 days to go
eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
More information about the Python-Dev