[Python-Dev] PEP476: Enabling certificate validation by default
Christian Heimes
christian at python.org
Sat Sep 20 12:40:06 CEST 2014
On 19.09.2014 18:53, Alex Gaynor wrote:
> Hi all,
>
> I've just updated the PEP to reflect the API suggestions from Nick, and the
> fact that the necessary changes to urllib were landed.
>
> I think this is ready for pronouncement, Guido?
There is still the issue with SSL_CERT_DIR and SSL_CERT_FILE on Windows
and Apple's OpenSSL builds on OSX. I've opened a bug report
http://bugs.python.org/issue22449
tl;dr
On Windows SSL_CERT_DIR and SSL_CERT_FILE are simply ignored by
SSLContext.load_verify_locations.
On OSX Apple's Trust Evaluation Agent adds certs behind the scene.
More information about the Python-Dev
mailing list