validating HTTPS certificates?
Andras.Horvath at cern.ch
Andras.Horvath at cern.ch
Mon Jun 29 03:18:20 EDT 2009
On Fri, Jun 26, 2009 at 07:01:24PM +0200, Nobody wrote:
> For a urllib-style interface, there's not much point in performing
> verification after the fact. Either the library performs verification or
> it doesn't. If it doesn't, you've just sent the (potentially confidential)
> request to an unknown server; discovering this after the fact doesn't
> really help.
I was more thinking about supplying a/some CA certificate(s) and
requiring that the site cert be valid (otherwise the connection should
fail). This sounds very EAFP to me.
Andras
More information about the Python-list
mailing list