[Python-Dev] Enable Hostname and Certificate Chain Validation

Kristján Valur Jónsson kristjan at ccpgames.com
Thu Jan 23 07:02:18 CET 2014


> -----Original Message-----
> From: Python-Dev [mailto:python-dev-bounces+kristjan=ccpgames.com at python.org] On Behalf Of Nick Coghlan
> Sent: Wednesday, January 22, 2014 19:45
> To: Paul Moore
> Cc: Python-Dev
> Subject: Re: [Python-Dev] Enable Hostname and Certificate Chain Validation
>
> Right, the browsers have a whole system of "click through" security to make the web (and corporate intranets!) still usable even when they only accept CA signed certs by default. With a programming language, there's no such interactivity, so applications just break and users don't know why.

If not already possible, I suggest that we allow the use of a certificate validation callback (it isn't possible for 2.7, I just hacked in one yesterday to allow me to ignore out-date-failure for certificates.) Using this, it would be possible to e.g. emit warnings when certificate failures occur, rather than deny connection outright.

K
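
The policy decision such a callback would make, sketched as an added example (not code from this message or from the ssl module): only failures named in an explicit allow-list are downgraded to warnings, everything else still denies the connection. The names validation_callback, CertificateWarning and CertificateRejected are hypothetical, and the certificate dicts are constructed samples in the format returned by SSLSocket.getpeercert().

```python
import ssl
import warnings


class CertificateWarning(UserWarning):
    """Warning category for a tolerated certificate failure."""


class CertificateRejected(Exception):
    """Raised for a failure the policy does not tolerate."""


def validity_failures(cert, now):
    """Return date failures for a getpeercert()-style dict at epoch time `now`."""
    failures = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        failures.append("not-yet-valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        failures.append("expired")
    return failures


def validation_callback(cert, now, tolerate=frozenset()):
    """Hypothetical callback: warn on tolerated failures, deny on the rest.

    Returns the list of failures that were downgraded to warnings.
    """
    failures = validity_failures(cert, now)
    denied = [f for f in failures if f not in tolerate]
    if denied:
        raise CertificateRejected(", ".join(denied))
    for f in failures:
        warnings.warn("certificate %s (notAfter=%s)" % (f, cert["notAfter"]),
                      CertificateWarning)
    return failures


# Constructed sample data; NOW is fixed so the result does not depend on the clock.
NOW = ssl.cert_time_to_seconds("Jan 23 06:02:18 2014 GMT")
EXPIRED = {"notBefore": "Jan  1 00:00:00 2012 GMT",
           "notAfter": "Jan  1 00:00:00 2014 GMT"}
CURRENT = {"notBefore": "Jan  1 00:00:00 2013 GMT",
           "notAfter": "Jan  1 00:00:00 2015 GMT"}
FUTURE = {"notBefore": "Jan  1 00:00:00 2015 GMT",
          "notAfter": "Jan  1 00:00:00 2016 GMT"}
```

With the default empty allow-list the function denies every failure, so tolerating an expired certificate has to be an explicit choice at the call site.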


