[Python-Dev] Enable Hostname and Certificate Chain Validation

Donald Stufft donald at stufft.io
Wed Jan 22 13:03:52 CET 2014


On Jan 22, 2014, at 7:03 AM, Paul Moore <p.f.moore at gmail.com> wrote:

> On 22 January 2014 11:29, Donald Stufft <donald at stufft.io> wrote:
>>> 1. To be "like the browser" we'd need to use the OS certificate store,
>>> which isn't the case on Windows at the moment (managing those
>>> certificate bundle files is most definitely *not* "like the browser" -
>>> I'd have no idea how to add a self-certificate to the bundle file
>>> embedded in pip, for example).
>> 
>> Python 3.4 added the ability to use the OS cert store on Windows,
>> see http://bugs.python.org/issue17134.
> 
> Brilliant. I didn't know that.
> 
> Will pip when run on Python 3.4 use the OS cert store? I guess the
> answer is probably "no" (but i'd love to be pleasantly surprised).
> 
> Paul

The answer is (I believe) no, mostly for consistency’s sake.

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/python-dev/attachments/20140122/4f2a6bb8/attachment.sig>


More information about the Python-Dev mailing list