[Python-Dev] PEP 476: Enabling certificate validation by default!
donald at stufft.io
Mon Sep 1 00:15:29 CEST 2014
> On Aug 31, 2014, at 5:43 PM, Christian Heimes <christian at python.org> wrote:
> On 31.08.2014 08:09, Nick Coghlan wrote:
>> As Antoine says here, I'm also opposed to adding more Python specific
>> configuration options. However, I think there may be something
>> worthwhile we can do that's closer to the way browsers work, and has
>> the significant benefit of being implementable as a PyPI module first
>> (more on that in a separate reply).
> I'm on your and Antoine's side and strictly against any additional
> environment variables or command line arguments. That would make the
> whole validation process even more complex and harder to understand.
> There might be a better option to give people and companies the option
> to tune the SSL module to their needs. Python already have a
> customization hook for the site module called sitecustomize. How about
> another module named sslcustomize? Such a module could be used to tune
> the ssl module to the needs of users, e.g. configure a different default
> context, add certificates to a default context etc.
> Companies could install them in a system global directory on their
> servers. Users could put them in their own user site directory and even
> each virtual env can have one sslcustomize of its own. It's fully
> backward compatible, doesn't add any flags and developers have the full
> power of Python for configuration and customization.
This may be a dumb question, but why can’t sitecustomize do this already?
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Python-Dev