[Python-Dev] PEP 476: Enabling certificate validation by default! (original) (raw)
Alex Gaynor alex.gaynor at gmail.com
Sat Aug 30 04:44:12 CEST 2014
- Previous message: [Python-Dev] PEP 476: Enabling certificate validation by default!
- Next message: [Python-Dev] PEP 476: Enabling certificate validation by default!
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Thanks for the rapid feedback everyone!
I want to summarize the action items and discussion points that have come up so far:
To add to the PEP:
- Emit a warning in 3.4.next for cases that would raise a Exception in 3.5
- Clearly state that the existing OpenSSL environment variables will be respected for setting the trust root
Discussion points:
- Disabling verification entirely externally to the program, through a CLI flag or environment variable. I'm pretty down on this idea, the problem you hit is that it's a pretty blunt instrument to swing, and it's almost impossible to imagine it not hitting things it shouldn't; it's far too likely to be used in applications that make two sets of outbound connections: 1) to some internal service which you want to disable verification on, and 2) some external service which needs strong validation. A global flag causes the latter to fail silently when subjected to a MITM attack, and that's exactly what we're trying to avoid. It also makes things much harder for library authors: I write an API client for some API, and make TLS connections to it. I want those to be verified by default. I can't even rely on the httplib defaults, because someone might disable them from the outside.
Cheers, Alex
- Previous message: [Python-Dev] PEP 476: Enabling certificate validation by default!
- Next message: [Python-Dev] PEP 476: Enabling certificate validation by default!
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]