[Python-Dev] PEP 476: Enabling certificate validation by default!

Donald Stufft donald at stufft.io
Mon Sep 1 00:15:29 CEST 2014


> On Aug 31, 2014, at 5:43 PM, Christian Heimes <christian at python.org> wrote:
> 
> On 31.08.2014 08:09, Nick Coghlan wrote:
>> As Antoine says here, I'm also opposed to adding more Python specific
>> configuration options. However, I think there may be something
>> worthwhile we can do that's closer to the way browsers work, and has
>> the significant benefit of being implementable as a PyPI module first
>> (more on that in a separate reply).
> 
> I'm on your and Antoine's side and strictly against any additional
> environment variables or command line arguments. That would make the
> whole validation process even more complex and harder to understand.
> 
> There might be a better option to give people and companies the option
> to tune the SSL module to their needs. Python already has a
> customization hook for the site module called sitecustomize. How about
> another module named sslcustomize? Such a module could be used to tune
> the ssl module to the needs of users, e.g. configure a different default
> context, add certificates to a default context etc.
> 
> Companies could install them in a system global directory on their
> servers. Users could put them in their own user site directory and even
> each virtual env can have one sslcustomize of its own. It's fully
> backward compatible, doesn't add any flags and developers have the full
> power of Python for configuration and customization.
> 
> 

This may be a dumb question, but why can’t sitecustomize do this already?

---
Donald Stufft
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
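
Added example, not part of the original message or of CPython itself: a `sitecustomize.py` doing the kind of tuning described in the quoted proposal (a different default context, extra certificates) while keeping validation on. It assumes a CPython version that implements PEP 476, where `http.client` and `urllib` call the private hook `ssl._create_default_https_context()` with no arguments; the bundle path and the function names are hypothetical.

```python
# sitecustomize.py -- constructed example; put it in a site-packages
# directory (system-wide, per-user or per-virtualenv) so `site` imports it.
import os
import ssl

# Hypothetical path to an organisation CA bundle in PEM format.
EXTRA_CA_BUNDLE = "/etc/example-org/ca-bundle.pem"


def make_https_context(extra_cafile=EXTRA_CA_BUNDLE):
    """Return a verifying context: system trust store plus an optional bundle."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    # A missing bundle is skipped rather than raised, so a stale path cannot
    # break interpreter start-up; the system trust store still applies.
    if extra_cafile and os.path.isfile(extra_cafile):
        ctx.load_verify_locations(cafile=extra_cafile)
    # Guard against later edits to this file that weaken verification.
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        raise RuntimeError("site HTTPS context must verify certificate and hostname")
    return ctx


def install(factory=make_https_context):
    """Make stdlib HTTPS clients use `factory` when no context is passed."""
    # Private CPython attribute; the factory must be callable with no arguments.
    ssl._create_default_https_context = factory
    return factory


install()
```

Code that passes its own `context=` to `http.client.HTTPSConnection` or `urllib.request.urlopen` is unaffected by this hook.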
