[Python-Dev] Enable Hostname and Certificate Chain Validation

Brian Curtin brian at python.org
Wed Jan 22 19:46:57 CET 2014

On Wed, Jan 22, 2014 at 12:10 PM, John Yeuk Hon Wong
<gokoproject at gmail.com> wrote:
> On 1/22/14 8:16 AM, Nick Coghlan wrote:
>> Which is exactly the way most non-web-specialists working inside the
>> comfort of corporate and academic firewalls will react to a change that
>> breaks their access to internal applications, where self-signed certs and
>> improperly configured internal CAs are endemic (of course, that's assuming
>> they're using HTTPS at all, which I admit is an optimistic assumption).
> The number of people who are using 3.4+ in these environments is probably
> very very low to be honest. I don't have a number to prove, but in that
> environment people are more likely to still be using 2.6+. I think a
> deprecation in 2.7+ would be nice, but going forward we should just enable
> it by default.
> When requests changed property calls (e.g. requests.json) to callable
> instead of an attribute (from requests.json to requests.json()), I was
> shocked. I had to figure it out by Googling it. I found out from a GitHub
> issue...
> I think a hard fail is somehow necessary.
> Also, a lot of people overlook deprecation warnings. They either don't
> care or don't see them. I see a lot of deprecation warnings in the older
> applications I write, but I could care less until it breaks. So as we are
> moving forward, we can break it. For those stuck behind, deprecation is the
> right approach.

They're disabled by default, so a lot of people simply don't know they
exist because they also don't read the documentation.

