[Python-Dev] Enable Hostname and Certificate Chain Validation

Christian Heimes christian at python.org
Thu Jan 23 00:31:40 CET 2014


On 22.01.2014 23:20, Nick Coghlan wrote:
> However, now we have access to the system cert stores on all major
> platforms, I *do* think it's a good idea to eventually change the
> default settings to include host verification.

Somebody has to revise the situation on OSX for Python 3.5 and possibly
create new bindings to the keychain API. OSX has only 0.9.8. Apple has
deprecated OpenSSL and I'd like to drop 0.9.8 support in 3.5.

> Such a proposal will also need to address the implications for source
> compatible Python 2/3 code across *all* secure network protocols, not
> just HTTPS (the latter can be handled relatively easily using the
> requests module).

Please count me in!

I see two options to handle Python < 3.4: backport the ssl module or
hope that the "cryptography" library is ready.

Christian


