[Python-Dev] PEP 476: Enabling certificate validation by default!
R. David Murray
rdmurray at bitdance.com
Wed Sep 3 17:58:07 CEST 2014
On Wed, 03 Sep 2014 16:31:13 +0200, Antoine Pitrou <solipsis at pitrou.net> wrote:
> On Tue, 02 Sep 2014 21:29:16 -0400
> "R. David Murray" <rdmurray at bitdance.com> wrote:
> >
> > The top proposal so far is an sslcustomize.py file that could be used to
> > either decrease or increase the default security. This is a much less
> > handy solution than application options (eg, curl, wget) that allow
> > disabling security for "this cert" or "this CLI session". It also is
> > more prone to unthinking abuse since it is persistent. So perhaps
> > it is indeed not worth it. (That's why I suggested an environment
> > variable...something you could specify on the command line for a one-off.)
>
> I'll be fine with not adding any hooks at all, and letting people
> configure their application code correctly :-)
Again, the problem arises when it is not *their* application code, but
a third party tool that hasn't been ported to 3.5.
I'm OK with letting go of this invalid-cert issue myself, given the lack
of negative feedback Twisted got. I'll just keep my fingers crossed.
--David
More information about the Python-Dev
mailing list