[Python-Dev] PEP 476: Enabling certificate validation by default!

Ethan Furman ethan at stoneleaf.us
Wed Sep 3 19:29:42 CEST 2014

On 09/03/2014 10:15 AM, Alex Gaynor wrote:
> Ethan Furman writes:
>> I apologize if I missed this point, but if we have the source code then it is
>> possible to go in and directly modify the application/utility to be able to
>> talk over https to a router with an invalid certificate?  This is an option
>> when creating the ssl_context?
> Yes, it's totally possible to create (and pass to ``http.client``) an
> ``SSLContext`` which doesn't verify various things. My proposal is only about
> changing what happens when you don't explicitly pass a context.

Excellent.  Last question (I hope): it is possible to (easily) create an SSLContext that will verify against a 
self-signed certificate?


More information about the Python-Dev mailing list