[Python-Dev] Enable Hostname and Certificate Chain Validation

Cory Benfield cory at lukasa.co.uk
Wed Jan 22 11:38:10 CET 2014


On 22 January 2014 10:30, Donald Stufft <donald at stufft.io> wrote:
> I would like to propose that a backwards incompatible change be
> made to Python to make verification of hostname and certificate
> chain the default instead of requiring it to be opt in.

I'm overwhelmingly, dramatically +1 on this. There's no good
architectural reason to not use the built-in certificate chains by
default. I'd like to be in favour of backporting this change to earlier
Python versions as well, but it feels just a bit too aggressive.

Cory


More information about the Python-Dev mailing list