[Python-Dev] Enable Hostname and Certificate Chain Validation

Kristján Valur Jónsson kristjan at ccpgames.com
Thu Jan 23 07:02:18 CET 2014

> -----Original Message-----
> From: Python-Dev [mailto:python-dev-
> bounces+kristjan=ccpgames.com at python.org] On Behalf Of Nick Coghlan
> Sent: Wednesday, January 22, 2014 19:45
> To: Paul Moore
> Cc: Python-Dev
> Subject: Re: [Python-Dev] Enable Hostname and Certificate Chain Validation
> Right, the browsers have a whole system of "click through" security to make
> the web (and corporate intranets!) still usable even when they only accept
> CA signed certs by default. With a programming language, there's no such
> interactivity, so applications just break and users don't know why.

If not already possible, I suggest that we allow the use of a certificate validation callback
(it isn't possible for 2.7, I just hacked in one yesterday to allow me to ignore out-date-failure for certificates.)
Using this, it would be possible to e.g. emit warnings when certificiate failures occur, rather than deny connection outright.


More information about the Python-Dev mailing list