[Python-Dev] PEP 476: Enabling certificate validation by default!

Donald Stufft donald at stufft.io
Fri Aug 29 22:10:03 CEST 2014

> On Aug 29, 2014, at 4:00 PM, "M.-A. Lemburg" <mal at egenix.com> wrote:
> * choice of trusted certificate:
>   Instead of hard wiring using the system CA roots into
>   Python it would be good to just make this default and
>   permit the user to point Python to a different set of
>   CA roots.
>   This would enable using self signed certs more easily.
>   Since these are often used for tests, demos and education,
>   I think it's important to allow having more control of
>   the trusted certs.

If I recall OpenSSL already allows this to be configured via envvar and the python API already allows it to be configured via API. 

More information about the Python-Dev mailing list