[Python-Dev] RFC: Backport ssl.MemoryBIO and ssl.SSLObject to Python 2.7

Antoine Pitrou solipsis at pitrou.net
Thu Jun 1 06:18:12 EDT 2017


On Thu, 1 Jun 2017 20:05:48 +1000
Chris Angelico <rosuav at gmail.com> wrote:
> 
> As stated in this thread, OS-provided certificates are not handled by
> that. For instance, if a local administrator distributes a self-signed
> cert for the intranet server, web browsers will use it, but pip will
> not.

That's true.  But:
1) pip could grow a config entry to set an alternative or additional CA
path
2) it is not a "security fix", as not being able to recognize
privately-signed certificates is not a security breach.  It's a new
feature

Regards

Antoine.




More information about the Python-Dev mailing list