[Python-Dev] Enable Hostname and Certificate Chain Validation

Christian Heimes christian at python.org
Wed Jan 22 15:33:21 CET 2014


On 22.01.2014 15:12, Jesse Noller wrote:
> And no one reads it. I can't count the number of times I've gotten called into a manager's office when they find out Python doesn't do cert validation by default (and in 2, it's not been trivial) and gotten told to fix it, or we move off of Python.
> 
> Donald is perfectly right: every time you point out to users that this is the default behavior the response is almost universally "you can't be serious, is this a joke?"

Yes, you are right. :(

About two months ago (maybe three) I proposed to deprecate implicit SSL
context, unverified certs and unverified hostnames altogether. But I
was voted down. Donald made a similar attempt half a year ago, too.

Can't we just mark these things as pending deprecated in Python 3.4 so
people start fixing their code *now*?

Christian

