[Python-Dev] PEP 476: Enabling certificate validation by default!
ncoghlan at gmail.com
Wed Sep 3 01:01:55 CEST 2014
On 3 Sep 2014 08:18, "Alex Gaynor" <alex.gaynor at gmail.com> wrote:
> Antoine Pitrou <solipsis <at> pitrou.net> writes:
> > And how many people are using Twisted as an HTTPS client?
> > (compared to e.g. Python's httplib, and all the third-party libraries
> > building on it?)
> I don't think anyone could give an honest estimate of these counts,
> there's two factors to bare in mind: a) It's extremely strongly
> use requests to make any HTTP requests precisely because httplib is
> in certificate and hostname checking by default, b) We're talking about
> Python3, which has fewer users than Python2.
Creating *new* incompatibilities between Python 2 & Python 3 is a major
point of concern. One key focus of 3.5 is *reducing* barriers to migration,
and this PEP would be raising a new one.
It's a change worth making, but we have time to ensure there are easy ways
to do things like skipping cert validation, or tolerate expired
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Python-Dev