[Python-Dev] PEP 476: Enabling certificate validation by default!

Alex Gaynor alex.gaynor at gmail.com
Wed Sep 3 19:15:13 CEST 2014


Ethan Furman <ethan <at> stoneleaf.us> writes:

> 
> I apologize if I missed this point, but if we have the source code then it is
> possible to go in and directly modify the application/utility to be able to
> talk over https to a router with an invalid certificate?  This is an option
> when creating the ssl_context?
> 
> --
> ~Ethan~
> 


Yes, it's totally possible to create (and pass to ``http.client``) an
``SSLContext`` which doesn't verify various things. My proposal is only about
changing what happens when you don't explicitly pass a context.

Cheers,
Alex



More information about the Python-Dev mailing list