bad certificate error

Steven D'Aprano steve at REMOVE-THIS-cybersource.com.au
Tue Jul 28 01:00:27 CEST 2009


On Mon, 27 Jul 2009 15:23:41 -0300, Gabriel Genellina wrote:

> En Mon, 27 Jul 2009 12:57:40 -0300, jakecjacobson
> <jakecjacobson at gmail.com> escribió:
> 
>> I was wondering if this is due to the server having a invalid server
>> cert?  If I go to this server in my browser, I get a "This server tried
>> to identify itself with invalid information".  Is there a way to ignore
>> this issue with Python?  Can I setup a trust store and add this server
>> to the trust store?
> 
> I don't see the point in trusting someone that you know is telling lies
> about itself.

Don't you? It's just commonsense risk assessment.

It's far more likely that the server has an incorrectly setup certificate 
managed by an incompetent sys admin than it is that somebody is eaves-
dropping on my connection to https://somerandom.site.com/something-trivial

Particularly when the connection is on my own intranet and I know the sys 
admin in question has made a mistake and the new certificate is scheduled 
to be installed "some time next week". *wink*

Of course, if there was sensitive information involved, or money, then 
I'd be more concerned.


-- 
Steven



More information about the Python-list mailing list