[Python-Dev] PEP 476: Enabling certificate validation by default! (original) (raw)
Paul Moore p.f.moore at gmail.com
Sun Aug 31 22:30:28 CEST 2014
- Previous message: [Python-Dev] PEP 476: Enabling certificate validation by default!
- Next message: [Python-Dev] PEP 476: Enabling certificate validation by default!
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 31 August 2014 21:15, Antoine Pitrou <antoine at python.org> wrote:
What do you call your local cert store?
I was referring to Christian's comment
It's very simple to trust a self-signed certificate: just download it and stuff it into the trust store.
From his recent response, I guess he meant the system store, and he agrees that this is a bad option.
OK, that's fair, but:
a) Is there really no OS-level personal trust store? I'm thinking of Windows here for my own personal use, but the same question applies elsewhere. b) I doubt my confusion over Christian's response is atypical. Based on what he said, if we hadn't had the subsequent discussion, I would probably have found a way to add a cert to "the store" without understanding the implications. While it's not Python's job to educate users, it would be a shame if its default behaviour led people to make ill-informed decisions.
Maybe an SSL HOWTO would be a useful addition to the docs, if anyone feels motivated to write one.
Regardless, thanks for the education!
Paul
- Previous message: [Python-Dev] PEP 476: Enabling certificate validation by default!
- Next message: [Python-Dev] PEP 476: Enabling certificate validation by default!
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]