[Python-Dev] PEP 476: Enabling certificate validation by default!
Victor Stinner
victor.stinner at gmail.com
Wed Sep 3 21:37:40 CEST 2014
2014-09-03 21:26 GMT+02:00 Christian Heimes <christian at python.org>:
> On 03.09.2014 19:54, Guido van Rossum wrote:
> I'm +1 for Python 3.5 but -1 for Python 2.7.
>
> The SSLContext backport will landed in Python 2.7.9 (to be released). No
> Python 2 user is familiar with the feature yet. But more importantly:
> None of the stdlib modules support the new feature, too. httplib,
> imaplib ... they all don't take a SSLContext object as an argument.
> PEP-466 does not include the backport for the network modules. Without
> the context argument there is simply no clean way to configure the SSL
> handshake properly.
Thanks, you replied before I asked the question :-) (If certificates
are validated by default, how do you disable the checks?)
Sorry, I didn't follow the whole discussion and Python 2.7 changes
related to security. Does Python 2.7 support loading (automatically)
system certificate authorities? Like the Windows certificate store:
https://docs.python.org/dev/whatsnew/3.4.html#whatsnew34-win-cert-store
Victor
More information about the Python-Dev
mailing list