[Python-Dev] Enable Hostname and Certificate Chain Validation

Antoine Pitrou solipsis at pitrou.net
Wed Jan 22 17:07:46 CET 2014


On Wed, 22 Jan 2014 08:12:06 -0700 Eric Snow <ericsnowcurrently at gmail.com> wrote:

> On Jan 22, 2014 6:17 AM, "M.-A. Lemburg" <mal at egenix.com> wrote:
> > Using an environment switch the extra checks could even be enabled
> > without any code changes.
>
> When Donald brought this up it sounded good. It still does. This is similar to what we did for hash randomization.

The comparison is baseless. Hash randomization is a language feature that can only be enabled at interpreter startup, and is at best a per-application decision. SSL settings, on the other hand, have to be decided per-client endpoint, not per-process, and they will depend on the external service you connect to rather than the way your code is written.

I'm -1 on adding env vars because we can't agree on SSL configuration options.

Regards

Antoine.


