[Python-Dev] PYTHONHTTPSVERIFY env var (was: Clarification of PEP 476 "opting out" section)
ncoghlan at gmail.com
Fri May 8 11:36:48 CEST 2015
On 8 May 2015 6:52 pm, "M.-A. Lemburg" <mal at egenix.com> wrote:
> On 07.05.2015 04:30, Nick Coghlan wrote:
> >> Can we please make the monkeypatch a regular part of Python's
> >> site.py which can enabled via an environment variable, say
> >> export PYTHONHTTPSVERIFY=0.
> >> See http://bugs.python.org/issue23857 for the discussion.
> > ...
> > I actually do think it would be good to have such a feature as a
> > native part of Python 2.7 in order to provide a nicer "revert to the
> > pre-PEP-476 behaviour" experience for Python 2.7 users (leaving the
> > "there's no easy way to turn HTTPS certificate verification off
> > globally" state of affairs to Python 3), but I don't currently have
> > the time available to push for that against the "end users can't be
> > trusted not to turn certificate verification off when they should be
> > fixing their certificate management instead" perspective.
> We're currently working on a new release of eGenix PyRun and this
> will include Python 2.7.9.
> We do want to add such an env switch to disable the cert verification,
> so would like to know whether we can use PYTHONHTTPSVERIFY for this
> or not.
That's a slightly misleading quotation of my post, as I'm opposed to the
use of an environment variable for this, due to the fact that using the
"-E" switch will then revert to the upstream default behaviour of verifying
certificates, rather defeating the point of introducing the legacy
infrastructure compatibility feature in the first place.
A new informational PEP akin to PEP 394 that defines a config file location
& contents for downstream redistributors that need a smoother transition
plan for PEP 476 will let us handle this in a consistent way across
redistributors that's also compatible with runtime use of the -E switch.
> We mainly need this to reenable simple use of self-signed certificates
> which 2.7.9 disables.
> Marc-Andre Lemburg
> Professional Python Services directly from the Source (#1, May 08 2015)
> >>> Python Projects, Coaching and Consulting ... http://www.egenix.com/
> >>> mxODBC Plone/Zope Database Adapter ... http://zope.egenix.com/
> >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
> ::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::
> eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
> D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
> Registered at Amtsgericht Duesseldorf: HRB 46611
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Python-Dev