[Python-Dev] Enable Hostname and Certificate Chain Validation (original) (raw)

Donald Stufft donald at stufft.io
Wed Jan 22 14:55:02 CET 2014

On Jan 22, 2014, at 8:29 AM, Christian Heimes <christian at python.org> wrote:

On 22.01.2014 12:45, Nick Coghlan wrote:

We also have to account for the fact that an awful lot of Python applications are corporate ones relying on perimeter defence for security, or private CAs, or just self-signed certificates that their users have already accepted. There are limits to the amount of backwards incompatible change users will tolerate, and at this point in time we're still trying to get people to accept proper Unicode support. Side note: Users can simple add self-signed certs to OpenSSL's cert store and get validation for free. It's possible to do that with an environment variable, too. But I recommend against the environment variable because you may overwrite to operating store. Christian

Python-Dev mailing list Python-Dev at python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/donald%40stufft.io

As an additional side note, anecdotal evidence and what not, but every time I bring this up somewhere I get at least one reply that looks similar to https://twitter.com/ojiidotch/status/425986619879866368

Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: Message signed with OpenPGP using GPGMail URL: <http://mail.python.org/pipermail/python-dev/attachments/20140122/2ce5b511/attachment.sig>

More information about the Python-Dev mailing list