[Python-Dev] Enable Hostname and Certificate Chain Validation (original) (raw)

Christian Heimes christian at python.org
Thu Jan 23 00:31:40 CET 2014

• Previous message: [Python-Dev] Enable Hostname and Certificate Chain Validation
• Next message: [Python-Dev] Enable Hostname and Certificate Chain Validation
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 22.01.2014 23:20, Nick Coghlan wrote:

However, now we have access to the system cert stores on all major platforms, I do think it's a good idea to eventually change the default settings to include host verification.

Somebody has revise the situation on OSX for Python 3.5 and possible create new bindings to the keychain API. OSX has only 0.9.8. Apple has deprecated OpenSSL and I'd like to drop 0.9.8 support in 3.5.

Such a proposal will also need to address the implications for source compatible Python 2/3 code across all secure network protocols, not just HTTPS (the latter can be handled relatively easily using the requests module).

Please count me in!

I see two options to handle Python < 3.4: backport the ssl module or hope that the "cryptography" library is ready.

Christian

• Previous message: [Python-Dev] Enable Hostname and Certificate Chain Validation
• Next message: [Python-Dev] Enable Hostname and Certificate Chain Validation
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list