[Python-Dev] Enable Hostname and Certificate Chain Validation (original) (raw)
Donald Stufft donald at stufft.io
Wed Jan 22 15:33:18 CET 2014
- Previous message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Next message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Jan 22, 2014, at 9:28 AM, Paul Moore <p.f.moore at gmail.com> wrote:
On 22 January 2014 13:29, Christian Heimes <christian at python.org> wrote:
Side note: Users can simple add self-signed certs to OpenSSL's cert store and get validation for free. It's possible to do that with an environment variable, too. But I recommend against the environment variable because you may overwrite to operating store. I'm pretty sure what I'm about to ask isn't what you mean, but take it as an example of how people may misunderstand and/or misinterpret comments in this area ;-) So if I set up a PyPI mirror running under https, with a self-signed certificate, can you explain how I get it to work? For "work", assume I mean pip will use it, I can browse to it with my web browser, and my various Python scripts (now running under Python 3.5 with SSL verification on by default) that query the index all work without needing extra flags, code changes, or interactive prompts. I'm on Windows, by the way, just for added fun.
For everything but pip, you’d add it to your OS cert store. Pip doesn’t use that so you’d have to use the —cert config.
(This is a one of the real-world reasons I've never set up a local https index - not a big one, laziness trumps it by miles :-) as does the effectiveness of simpler solutions - but it's there. I did think about it at one stage. If I were to set up an index, it's definitely why I'd use http rather than bothering with https.) Paul
Python-Dev mailing list Python-Dev at python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/donald%40stufft.io
Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: Message signed with OpenPGP using GPGMail URL: <http://mail.python.org/pipermail/python-dev/attachments/20140122/56deb1e7/attachment.sig>
- Previous message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Next message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]