[Python-Dev] SSL issues in Python stdlib and 3rd party code

Antoine Pitrou solipsis at pitrou.net
Mon Aug 12 20:06:47 CEST 2013


Hi,

On Mon, 12 Aug 2013 19:18:17 +0200 Christian Heimes <christian at python.org> wrote:

> related issue: Mozilla's certdata.txt and CKT_NSS_MUST_VERIFY_TRUST
> -------------------------------------------------------------------
>
> Recently I found bugs in curl's mk-ca-bundle.pl script, its cacert.pem and in the CA bundle of eGenix.com pyOpenSSL Distribution. Both failed to handle a new option in Mozilla's certdata.txt database correctly. As a consequence the root CA bundles contained additional and untrustworthy root certificates. I'm not sure about the severity of the issue.

Which goes to show that not bundling our own set of CA certificates is the safest route.

Regards

Antoine.
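
Added example, not part of the original message and not code from curl, eGenix or CPython: a Python sketch of why a bundle generator that reads certdata.txt should select roots by an allow-list of trust values, so that a value it does not know (such as the CKT_NSS_MUST_VERIFY_TRUST named in the quoted text) is left out rather than included. The sample records are constructed, and the function names and the pairing of records by CKA_LABEL are assumptions made for illustration.

```python
import re

# Constructed sample in certdata.txt attribute syntax (not real Mozilla data).
# Certificate objects are omitted; only the trust objects matter here.
SAMPLE = """\
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Root A"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR

CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Root B"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST

CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Root C"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
"""

ATTR = re.compile(r"^(CKA_\w+)\s+\w+\s+(.+)$")  # attribute name, type, value
ANCHOR = "CKT_NSS_TRUSTED_DELEGATOR"      # explicit trust anchor
DISTRUSTED = "CKT_NSS_NOT_TRUSTED"        # explicitly distrusted

def server_auth_trust(text):
    """Map CKA_LABEL -> CKA_TRUST_SERVER_AUTH for each CKO_NSS_TRUST object."""
    objects = []
    for line in text.splitlines():
        m = ATTR.match(line.strip())
        if not m:
            continue  # comments, blank lines, multi-line octal data
        name, value = m.groups()
        if name == "CKA_CLASS":  # every object starts with its class
            objects.append({})
        if objects:
            objects[-1][name] = value.strip('"')
    return {o.get("CKA_LABEL"): o.get("CKA_TRUST_SERVER_AUTH")
            for o in objects if o.get("CKA_CLASS") == "CKO_NSS_TRUST"}

def denylist_bundle(trust):
    """Hypothetical fail-open filter: keep whatever is not explicitly distrusted."""
    return sorted(label for label, t in trust.items() if t != DISTRUSTED)

def allowlist_bundle(trust):
    """Fail-closed filter: keep only explicit server-auth trust anchors."""
    return sorted(label for label, t in trust.items() if t == ANCHOR)

if __name__ == "__main__":
    trust = server_auth_trust(SAMPLE)
    print("deny-list :", denylist_bundle(trust))
    print("allow-list:", allowlist_bundle(trust))
```

The deny-list filter admits "Example Root B" because its trust value is merely unfamiliar, while the allow-list filter excludes it.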


