[Python-Dev] PEP 476: Enabling certificate validation by default!

Antoine Pitrou solipsis at pitrou.net
Wed Sep 3 16:31:13 CEST 2014


On Tue, 02 Sep 2014 21:29:16 -0400
"R. David Murray" <rdmurray at bitdance.com> wrote:
> 
> The top proposal so far is an sslcustomize.py file that could be used to
> either decrease or increase the default security.  This is a much less
> handy solution than application options (eg, curl, wget) that allow
> disabling security for "this cert" or "this CLI session".  It also is
> more prone to unthinking abuse since it is persistent.  So perhaps
> it is indeed not worth it.  (That's why I suggested an environment
> variable...something you could specify on the command line for a one-off.)

I'll be fine with not adding any hooks at all, and letting people
configure their application code correctly :-)

Regards

Antoine.




More information about the Python-Dev mailing list