Python OpenSSL library
geremy condra
debatem1 at gmail.com
Tue Jun 15 21:07:35 EDT 2010
On Tue, Jun 15, 2010 at 5:31 PM, Paul Rubin <no.email at nospam.invalid> wrote:
> Terry Reedy <tjreedy at udel.edu> writes:
>>> Could similar notifications be added to urllib, etc? That's where
>>> people really get bitten badly by this.
>>
>> If you have specific ideas, propose them on the tracker.
>
> urllib is basically a web client and as such it should act like a
> browser, with a default certificate store. It should refuse to connect
> to an https host that doesn't have a valid certificate, unless you
> override the default (supply your own CA store or validation routine).
> There could be some pre-written override options, such as accept expired
> certificate, accept certificate named "www.xyz.com" when the actual host
> is "abc.xyz.com", or that sort of thing. These are code changes, not
> doc updates.
I've opened the requested bug report:
http://bugs.python.org/issue9003
Just for the record, I'd rather see this fixed than note the need for a
workaround.
Geremy Condra
More information about the Python-list
mailing list