[Python-Dev] PEP 476: Enabling certificate validation by default!

Nick Coghlan ncoghlan at gmail.com
Wed Sep 3 00:12:16 CEST 2014

On 1 Sep 2014 16:05, "Nick Coghlan" <ncoghlan at gmail.com> wrote:
> The final change would be to seed the context factory map
> appropriately for the standard library modules where we wanted to keep
> the *old* default:
>     for modname in ("nntplib", "poplib", "imaplib", "ftplib",
> "smtplib", "asyncio.selector_events", "urllib.request",
> "http.client"):
>         named_contexts[modname] = create_legacy_context
> The list I have above is for *all* current uses of
> "sss._create_stdlib_context". The backwards incompatible part of PEP
> 476 would then just be about removing names from that list (currently
> just "http.client", but I'd suggest "asyncio.selector_events" as
> another candidate, taking advantage of asyncio's provisional API
> status).

Update on this: Christian & I both like the SSL named context and
customisation idea independently of the proposal to change the default
behaviour, so we're going to write it up as a separate PEP.

Changing the default behaviour would then be reduced to a proposal to take
a couple of module names off the "uses legacy SSL settings" list.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20140903/dee879dd/attachment.html>

More information about the Python-Dev mailing list