[Python-Dev] PEP 476: Enabling certificate validation by default!

Nick Coghlan ncoghlan at gmail.com
Mon Sep 1 08:44:43 CEST 2014

On 1 September 2014 16:07, Paul Moore <p.f.moore at gmail.com> wrote:
> On 31 August 2014 23:10, Nick Coghlan <ncoghlan at gmail.com> wrote:
>> Assuming sslcustomize was in site-packages rather than the standard library
>> directories, you would also be able to use virtual environments with an
>> appropriate sslcustomize module to disable cert checking even if the
>> application you were running didn't support direct configuration.
> Would this mean that a malicious package could install a custom
> sslcustomize.py and so add unwanted certs to the system? I guess we
> have to assume that installed packages are trusted, but I just wanted
> to be explicit.

Yes, it would have exactly the same security failure modes as
sitecustomize, except it would only fire if the application imported
the ssl module.

The "-S" and "-I" switches would need to disable the implied
"sslcustomize", just as they disable "import site".


Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia

More information about the Python-Dev mailing list