[Python-Dev] Enable Hostname and Certificate Chain Validation
donald at stufft.io
Wed Jan 22 22:48:03 CET 2014
Never mind. If someone else cares they can propose it. I withdraw.
> On Jan 22, 2014, at 4:29 PM, Brett Cannon <brett at python.org> wrote:
>> On Wed, Jan 22, 2014 at 3:56 PM, Benjamin Peterson <benjamin at python.org> wrote:
>> On Wed, Jan 22, 2014, at 12:25 PM, Nick Coghlan wrote:
>> > On 23 Jan 2014 00:39, "Benjamin Peterson" <benjamin at python.org> wrote:
>> > > Speaking of requests, I think another way to address this issue would be
>> > > import a requests-like APIs into the stdlib (something which should
>> > > happen anyway) and make that verify certificates by default. This would
>> > > address the casual urllib-type usecase of fetching files over http/ftp
>> > > etc. (I expect most people using their own protocols over raw TLS
>> > > already know to force certificate verification.)
>> > Guido gave in principle approval for an asyncio backed requests clone as
>> > the preferred HTTP client API last year, but that's going to take someone
>> > to write and publish it if we're going to be able to include it in 3.5.
>> But requests is synchronous, so I'm not sure how much you can use of
>> asyncio. I was thinking of something bolted onto urllib.
> Sure, but the key point is that a new async API can be made synchronous as well by blocking as necessary. The eventual synchronous API can resemble or take inspiration from requests. Point is, though, is it was admitted a new module is probably called for thanks to asyncio (and to give us a chance to fix mistakes in urllib).
> Python-Dev mailing list
> Python-Dev at python.org
> Unsubscribe: https://mail.python.org/mailman/options/python-dev/donald%40stufft.io
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Python-Dev