[Python-Dev] PEP 476: Enabling certificate validation by default! (original) (raw)

Antoine Pitrou solipsis at pitrou.net
Sat Aug 30 00:22:54 CEST 2014

• Previous message: [Python-Dev] PEP 476: Enabling certificate validation by default!
• Next message: [Python-Dev] PEP 476: Enabling certificate validation by default!
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 29 Aug 2014 18:08:19 -0400 Donald Stufft <donald at stufft.io> wrote:

> > Are you sure that's possible ? Python doesn't load the > openssl.cnf file and the SSLCERTFILE, SSLCERTDIR env > vars only work for the openssl command line binary, AFAIK.

I’m not 100% sure on that. I know they are not limited to the command line binary as ruby uses those environment variables in the way I described above.

SSL_CERT_DIR and SSL_CERT_FILE are used, if set, when SSLContext.load_verify_locations() is called.

Actually, come to think of it, this allows us to write a better test for that method. Patch welcome!

Regards

Antoine.

• Previous message: [Python-Dev] PEP 476: Enabling certificate validation by default!
• Next message: [Python-Dev] PEP 476: Enabling certificate validation by default!
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list