[Python-Dev] Enable Hostname and Certificate Chain Validation

Paul Moore p.f.moore at gmail.com
Wed Jan 22 15:19:54 CET 2014

On 22 January 2014 13:55, Donald Stufft <donald at stufft.io> wrote:
> As an additional side note, anecdotal evidence and what not, but
> *every* time I bring this up somewhere I get at least one reply that
> looks similar to https://twitter.com/ojiidotch/status/425986619879866368

Surprise that Python doesn't verify certs is one thing. I would also
like to live in a world where Python has always verified certs, and
all the issues have already been resolved. Imposing breakage on end
users because we haven't managed to persuade application developers to
do the right thing yet (even though it appears we've made it
one-line-of-code easy to do so) is another thing entirely.

But the deprecation cycle gives application developers time (and a
deadline) so I'm happy with that.

Although from MAL's original comment:
> Note that several python.org services use CAcerts which would no
> longer be accessible per default following such a change.

,The PSF needs to get that sorted before making cert validation the
default in Python, IMO.


More information about the Python-Dev mailing list