[Python-Dev] PYTHONHTTPSVERIFY env var (was: Clarification of PEP 476 "opting out" section)

Nick Coghlan ncoghlan at gmail.com
Fri May 8 11:36:48 CEST 2015

On 8 May 2015 6:52 pm, "M.-A. Lemburg" <mal at egenix.com> wrote:
> On 07.05.2015 04:30, Nick Coghlan wrote:
> >> Can we please make the monkeypatch a regular part of Python's
> >> site.py which can enabled via an environment variable, say
> >>
> >> See http://bugs.python.org/issue23857 for the discussion.
> > ...
> > I actually do think it would be good to have such a feature as a
> > native part of Python 2.7 in order to provide a nicer "revert to the
> > pre-PEP-476 behaviour" experience for Python 2.7 users (leaving the
> > "there's no easy way to turn HTTPS certificate verification off
> > globally" state of affairs to Python 3), but I don't currently have
> > the time available to push for that against the "end users can't be
> > trusted not to turn certificate verification off when they should be
> > fixing their certificate management instead" perspective.
> We're currently working on a new release of eGenix PyRun and this
> will include Python 2.7.9.
> We do want to add such an env switch to disable the cert verification,
> so would like to know whether we can use PYTHONHTTPSVERIFY for this
> or not.

That's a slightly misleading quotation of my post, as I'm opposed to the
use of an environment variable for this, due to the fact that using the
"-E" switch will then revert to the upstream default behaviour of verifying
certificates, rather defeating the point of introducing the legacy
infrastructure compatibility feature in the first place.

A new informational PEP akin to PEP 394 that defines a config file location
& contents for downstream redistributors that need a smoother transition
plan for PEP 476 will let us handle this in a consistent way across
redistributors that's also compatible with runtime use of the -E switch.


> We mainly need this to reenable simple use of self-signed certificates
> which 2.7.9 disables.
> --
> Marc-Andre Lemburg
> eGenix.com
> Professional Python Services directly from the Source  (#1, May 08 2015)
> >>> Python Projects, Coaching and Consulting ...  http://www.egenix.com/
> >>> mxODBC Plone/Zope Database Adapter ...       http://zope.egenix.com/
> >>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
> ________________________________________________________________________
> ::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::
>    eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
>     D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
>            Registered at Amtsgericht Duesseldorf: HRB 46611
>                http://www.egenix.com/company/contact/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20150508/4b93b60f/attachment-0001.html>

More information about the Python-Dev mailing list