[Python-Dev] RFC: Backport ssl.MemoryBIO and ssl.SSLObject to Python 2.7

Antoine Pitrou antoine at python.org
Thu Jun 1 06:28:57 EDT 2017


Le 01/06/2017 à 12:23, Cory Benfield a écrit :
> 
> No it can’t.
> 
> OpenSSL builds chains differently, and disregards some metadata that Windows and macOS store, which means that cert validation will work differently than in the system store. This can lead to pip accepting a cert marked as “untrusted for SSL”, for example, which would be pretty bad.

Are you claiming that OpenSSL certificate validation is insecure and
shouldn't be used at all?  I have never heard that claim before.

Regards

Antoine.


More information about the Python-Dev mailing list