[Python-Dev] Enable Hostname and Certificate Chain Validation

Jesse Noller jnoller at gmail.com
Wed Jan 22 15:12:49 CET 2014

> On Jan 22, 2014, at 8:03 AM, Christian Heimes <christian at python.org> wrote:
>> On 22.01.2014 14:55, Donald Stufft wrote:
>> As an additional side note, anecdotal evidence and what not, but 
>> *every* time I bring this up somewhere I get at least one reply
>> that looks similar to
>> https://twitter.com/ojiidotch/status/425986619879866368
> Yeah :(
> The ssl module documentation http://docs.python.org/3/library/ssl.html
> features a big red warning box for a good reason.

And no one reads it. I can't count the number of times I've gotten called into a managers office when they find out python doesn't do cert validation by default (and in 2, it's not been trivial) and gotten told to fix it, or we move off of python.

Donald is perfectly right: every time you point out to users that this is the default behavior the response is almost universally "you can't be serious, is this a joke?"

> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe: https://mail.python.org/mailman/options/python-dev/jnoller%40gmail.com

More information about the Python-Dev mailing list