[Python-Dev] Enable Hostname and Certificate Chain Validation

Scott Dial scott+python-dev at scottdial.com
Thu Jan 23 07:45:15 CET 2014

On 2014-01-22 9:33 AM, Donald Stufft wrote:
> For everything but pip, you’d add it to your OS cert store. Pip doesn’t
> use that so you’d have to use the —cert config.

What if I don't want that self-signed cert to be trusted by all users on
the system? What if I don't have administrative rights? How do I do it
then? Is this common knowledge for average users? Are we trading one big
red box in the documentation for another?

Anecdotally, I already know of a system at work that is using HTTPS
purely for encryption, because the authentication is done in-band. So, a
self-signed cert was wholly sufficient. The management tools use a
RESTful interface over HTTPS for control, but you are telling me this
will be broken by default now. What do I tell our developers (who often
adopt the latest and greatest versions of things to play with)?

Scott Dial
scott at scottdial.com

More information about the Python-Dev mailing list