[Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)

Barry Warsaw barry at python.org
Mon Jun 3 19:04:07 CEST 2013


On Jun 03, 2013, at 02:21 PM, Donald Stufft wrote:

> The other additional comment I'd like to throw in here is that if we don't bundle SSL certs I think we should still verify by default (which means HTTPS URLs will throw an error by default if we can't locate a certificate store) because I think the risk to people unknowingly thinking that their HTTPS URLs are protected is significant enough that this "error" shouldn't be silent by default.

+1, especially if we ensure that the APIs are available to not verify, as is currently the case with urlopen(). I don't think people will want to do that in production, but it will be useful for testing (e.g. guess how I found issue 17977 :).

-Barry


