On 19 October 2013 22:44, Christian Heimes <christian@python.org> wrote:
">

(original) (raw)

You should ask Glyph too. He supplied lots of useful info about cert checking on the python-tulip list.


On Sat, Oct 19, 2013 at 7:14 AM, Nick Coghlan <ncoghlan@gmail.com> wrote:
On 19 October 2013 22:44, Christian Heimes <christian@python.org> wrote:

> Am 19.10.2013 00:56, schrieb Guido van Rossum:

> A couple of months I had a long and fruitful discussion with MAL about
\> the issue. Egenix PyOpenSSL installer comes with a root CA bundle. He
\> tried a couple of approaches to handle trust settings with OpenSSL
\> means. Eventually MAL had to split up the bundle into multiple files for
\> each purpuse, see
\> http://www.egenix.com/company/news/eGenix-pyOpenSSL-Distribution-0.13.2.1.0.1.5.html
\>
\> We should \*really\* write a PEP about it, specify all details and get a
\> proper review from real experts. This stuff is super complex and highly
\> fragile. :(

At the very least, it would be good if you and/or MAL could review the
cert verification in pip. PEP 453 makes that kinda important :)

Cheers,
Nick.

\--
Nick Coghlan � | � ncoghlan@gmail.com � | � Brisbane, Australia



--
--Guido van Rossum (python.org/\~guido)