[Python-Dev] PEP 476: Enabling certificate validation by default!
R. David Murray
rdmurray at bitdance.com
Wed Sep 3 21:10:07 CEST 2014
On Wed, 03 Sep 2014 10:09:36 -0700, Ethan Furman <ethan at stoneleaf.us> wrote:
> On 09/03/2014 08:58 AM, R. David Murray wrote:
> >
> > I'm OK with letting go of this invalid-cert issue myself, given the lack
> > of negative feedback Twisted got. I'll just keep my fingers crossed.
>
> I apologize if I missed this point, but if we have the source code then it is possible to go in and directly modify the
> application/utility to be able to talk over https to a router with an invalid certificate? This is an option when
> creating the ssl_context?
The immediately preceding paragraph that you didn't quote said that the
context was 3rd party applications, not source code under your control.
Yes, you can (usually) still hack the source, but there are good reasons to
prefer to not do that, unfamiliarity with the codebase being just one of
them.
--David
More information about the Python-Dev
mailing list