[Python-Dev] PEP 476: Enabling certificate validation by default!

Christian Heimes christian at python.org
Wed Sep 3 21:07:18 CEST 2014

On 03.09.2014 19:29, Ethan Furman wrote:
> Excellent.  Last question (I hope): it is possible to (easily) create an
> SSLContext that will verify against a self-signed certificate?


   context = ssl.create_default_context(cafile="/path/to/selfsigned.pem")

That works iff the certificate is valid, not expired and its CN or SAN
matches the hostname of the service. When the hostname doesn't match
then you have to set

   context.check_hostname = False


More information about the Python-Dev mailing list