[Python-Dev] Enable Hostname and Certificate Chain Validation (original) (raw)
Paul Moore p.f.moore at gmail.com
Wed Jan 22 15:19:54 CET 2014
- Previous message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Next message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 22 January 2014 13:55, Donald Stufft <donald at stufft.io> wrote:
As an additional side note, anecdotal evidence and what not, but every time I bring this up somewhere I get at least one reply that looks similar to https://twitter.com/ojiidotch/status/425986619879866368
Surprise that Python doesn't verify certs is one thing. I would also like to live in a world where Python has always verified certs, and all the issues have already been resolved. Imposing breakage on end users because we haven't managed to persuade application developers to do the right thing yet (even though it appears we've made it one-line-of-code easy to do so) is another thing entirely.
But the deprecation cycle gives application developers time (and a deadline) so I'm happy with that.
Although from MAL's original comment:
Note that several python.org services use CAcerts which would no longer be accessible per default following such a change.
,The PSF needs to get that sorted before making cert validation the default in Python, IMO.
Paul
- Previous message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Next message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]