Python OpenSSL library
Paul Rubin
no.email at nospam.invalid
Tue Jun 15 20:31:58 EDT 2010
Terry Reedy <tjreedy at udel.edu> writes:
>> Could similar notifications be added to urllib, etc? That's where
>> people really get bitten badly by this.
>
> If you have specific ideas, propose them on the tracker.
urllib is basically a web client and as such it should act like a
browser, with a default certificate store. It should refuse to connect
to an https host that doesn't have a valid certificate, unless you
override the default (supply your own CA store or validation routine).
There could be some pre-written override options, such as accept expired
certificate, accept certificate named "www.xyz.com" when the actual host
is "abc.xyz.com", or that sort of thing. These are code changes, not
doc updates.
More information about the Python-list
mailing list