[Python-Dev] Enable Hostname and Certificate Chain Validation
Paul Moore
p.f.moore at gmail.com
Wed Jan 22 15:28:15 CET 2014
On 22 January 2014 13:29, Christian Heimes <christian at python.org> wrote:
> Side note:
> Users can simple add self-signed certs to OpenSSL's cert store and get
> validation for free. It's possible to do that with an environment
> variable, too. But I recommend against the environment variable because
> you may overwrite to operating store.
I'm pretty sure what I'm about to ask isn't what you mean, but take it
as an example of how people may misunderstand and/or misinterpret
comments in this area ;-)
So if I set up a PyPI mirror running under https, with a self-signed
certificate, can you explain how I get it to work? For "work", assume
I mean pip will use it, I can browse to it with my web browser, and my
various Python scripts (now running under Python 3.5 with SSL
verification on by default) that query the index all work without
needing extra flags, code changes, or interactive prompts.
I'm on Windows, by the way, just for added fun.
(This is a one of the real-world reasons I've never set up a local
https index - not a big one, laziness trumps it by miles :-) as does
the effectiveness of simpler solutions - but it's there. I did think
about it at one stage. If I *were* to set up an index, it's definitely
why I'd use http rather than bothering with https.)
Paul
More information about the Python-Dev
mailing list