[Python-Dev] PEP 476: Enabling certificate validation by default!
christian at python.org
Wed Sep 3 21:07:18 CEST 2014
On 03.09.2014 19:29, Ethan Furman wrote:
> Excellent. Last question (I hope): it is possible to (easily) create an
> SSLContext that will verify against a self-signed certificate?
context = ssl.create_default_context(cafile="/path/to/selfsigned.pem")
That works iff the certificate is valid, not expired and its CN or SAN
matches the hostname of the service. When the hostname doesn't match
then you have to set
context.check_hostname = False
More information about the Python-Dev