[Python-Dev] RFC: Backport ssl.MemoryBIO and ssl.SSLObject to Python 2.7
Chris Angelico
rosuav at gmail.com
Thu Jun 1 06:05:48 EDT 2017
On Thu, Jun 1, 2017 at 8:01 PM, Antoine Pitrou <solipsis at pitrou.net> wrote:
> On Thu, 1 Jun 2017 19:50:22 +1000
> Chris Angelico <rosuav at gmail.com> wrote:
>> On Thu, Jun 1, 2017 at 7:23 PM, Antoine Pitrou <antoine at python.org> wrote:
>> >> Do you also disagree on the need of the PEP 546
>> >> (backport) to make the PEP 543 (new TLS API) feasible in practice?
>> >
>> > Yes, I disagree. We needn't backport that new API to Python 2.7.
>> > Perhaps it's time to be reasonable: Python 2.7 has been in bugfix-only
>> > mode for a very long time. Python 3.6 is out. We should move on.
>>
>> But it is in *security fix* mode for at least another three years
>> (ish). Proper use of TLS certificates is a security question.
>
> Why are you bringing "proper use of TLS certificates"? Python 2.7
> doesn't need another backport for that. The certifi package is
> available for Python 2.7 and can be integrated simply with the existing
> ssl module.
As stated in this thread, OS-provided certificates are not handled by
that. For instance, if a local administrator distributes a self-signed
cert for the intranet server, web browsers will use it, but pip will
not.
ChrisA