[Python-Dev] Enable Hostname and Certificate Chain Validation

Antoine Pitrou solipsis at pitrou.net
Wed Jan 22 17:07:46 CET 2014


On Wed, 22 Jan 2014 08:12:06 -0700
Eric Snow <ericsnowcurrently at gmail.com> wrote:
> On Jan 22, 2014 6:17 AM, "M.-A. Lemburg" <mal at egenix.com> wrote:
> > Using an environment switch the extra checks could even be enabled
> > without any code changes.
> 
> When Donald brought this up it sounded good.  It still does.  This is
> similar to what we did for hash randomization.

The comparison is baseless. Hash randomization is a language feature
that can only be enabled at interpreter startup, and is at best a
per-application decision. SSL settings, on the other hand, have to be
decided per-client endpoint, not per-process, and they will depend on
the external service you connect to rather than the way your code is
written.

I'm -1 on adding env vars because we can't agree on SSL configuration
options.

Regards

Antoine.
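
Added example, not part of the original message or of CPython: a sketch of the per-endpoint configuration the reply argues for, where each connection gets its own `ssl.SSLContext` instead of one process-wide switch. The host names, the `POLICIES` table, and the helpers `context_for` and `summarize` are constructed for illustration.

```python
import ssl

# Constructed policy table; hosts and settings are illustrative only.
POLICIES = {
    # Public service: validate the chain and match the host name.
    "api.example.com": {"verify": True, "check_hostname": True},
    # Internal service reached by address: validate the chain, skip name match.
    "10.0.0.5": {"verify": True, "check_hostname": False},
    # Legacy device with a self-signed certificate: explicit, audited exception.
    "printer.lan.example": {"verify": False, "check_hostname": False},
}
# Anything not listed gets full validation.
STRICT = {"verify": True, "check_hostname": True}


def context_for(host):
    """Build an SSLContext for one endpoint; unknown hosts fall back to STRICT."""
    policy = POLICIES.get(host, STRICT)
    # PROTOCOL_TLS_CLIENT starts with CERT_REQUIRED and check_hostname=True.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # check_hostname has to be cleared before verify_mode may drop to CERT_NONE,
    # otherwise the ssl module raises ValueError.
    ctx.check_hostname = policy["check_hostname"]
    if policy["verify"]:
        ctx.verify_mode = ssl.CERT_REQUIRED
        ctx.load_default_certs()  # system trust store, no network access
    else:
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def summarize(hosts):
    """Map each host to (chain validated?, host name checked?)."""
    result = {}
    for host in hosts:
        ctx = context_for(host)
        result[host] = (ctx.verify_mode == ssl.CERT_REQUIRED, ctx.check_hostname)
    return result


if __name__ == "__main__":
    hosts = ["api.example.com", "10.0.0.5", "printer.lan.example", "other.example"]
    for host, settings in summarize(hosts).items():
        print(host, settings)
```

A single environment variable could only select one row of this table for every connection the process makes.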



