validating HTTPS certificates?

Andras.Horvath at Andras.Horvath at
Mon Jun 29 03:18:20 EDT 2009

On Fri, Jun 26, 2009 at 07:01:24PM +0200, Nobody wrote:

> For a urllib-style interface, there's not much point in performing
> verification after the fact. Either the library performs verification or
> it doesn't. If it doesn't, you've just sent the (potentially confidential)
> request to an unknown server; discovering this after the fact doesn't
> really help.

I was more thinking about supplying a/some CA certificate(s) and
requiring that the site cert be valid (otherwise the connection should
fail). This sounds very EAFP to me.


More information about the Python-list mailing list