[Python-Dev] Enable Hostname and Certificate Chain Validation

Brett Cannon brett at python.org
Wed Jan 22 22:29:01 CET 2014

On Wed, Jan 22, 2014 at 3:56 PM, Benjamin Peterson <benjamin at python.org>wrote:

> On Wed, Jan 22, 2014, at 12:25 PM, Nick Coghlan wrote:
> > On 23 Jan 2014 00:39, "Benjamin Peterson" <benjamin at python.org> wrote:
> > > Speaking of requests, I think another way to address this issue would
> be
> > > import a requests-like APIs into the stdlib (something which should
> > > happen anyway) and make that verify certificates by default. This would
> > > address the casual urllib-type usecase of fetching files over http/ftp
> > > etc. (I expect most people using their own protocols over raw TLS
> > > already know to force certificate verification.)
> >
> > Guido gave in principle approval for an asyncio backed requests clone as
> > the preferred HTTP client API last year, but that's going to take someone
> > to write and publish it if we're going to be able to include it in 3.5.
> But requests is synchronous, so I'm not sure how much you can use of
> asyncio. I was thinking of something bolted onto urllib.

Sure, but the key point is that a new async API can be made synchronous as
well by blocking as necessary. The eventual synchronous API can resemble or
take inspiration from requests. Point is, though, is it was admitted a new
module is probably called for thanks to asyncio (and to give us a chance to
fix mistakes in urllib).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20140122/ac8cc8fb/attachment.html>

More information about the Python-Dev mailing list