[Python-Dev] Enable Hostname and Certificate Chain Validation
Nick Coghlan
ncoghlan at gmail.com
Wed Jan 22 14:24:54 CET 2014
On 22 January 2014 23:19, Antoine Pitrou <solipsis at pitrou.net> wrote:
> On Wed, 22 Jan 2014 05:30:40 -0500
> Donald Stufft <donald at stufft.io> wrote:
>> I would like to propose that a backwards incompatible change be
>> made to Python to make verification of hostname and certificate
>> chain the default instead of requiring it to be opt in.
>>
>> Python 3.4 has made great strides in making it easier for applications
>> to simply turn on these settings, however many people are not aware
>> at all that they need to opt into this. Most assume that it will operate
>> similarly to their browser, curl, wget, etc
>
> Python is not a Web client. Are you talking specifically about urllib?
And all the other client modules that can make secure network
connections (but don't validate that the certificate matches the
hostname by default).
Cheers,
Nick.
--
Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
More information about the Python-Dev
mailing list