[Python-Dev] PEP 476: Enabling certificate validation by default!
alex.gaynor at gmail.com
Wed Sep 3 19:15:13 CEST 2014
Ethan Furman <ethan <at> stoneleaf.us> writes:
> I apologize if I missed this point, but if we have the source code then it is
> possible to go in and directly modify the application/utility to be able to
> talk over https to a router with an invalid certificate? This is an option
> when creating the ssl_context?
Yes, it's totally possible to create (and pass to ``http.client``) an
``SSLContext`` which doesn't verify various things. My proposal is only about
changing what happens when you don't explicitly pass a context.
More information about the Python-Dev