[Python-Dev] Enable Hostname and Certificate Chain Validation (original) (raw)
"Martin v. Löwis" martin at v.loewis.de
Thu Jan 23 13:41:08 CET 2014
- Previous message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Next message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Am 23.01.14 07:45, schrieb Scott Dial:
Anecdotally, I already know of a system at work that is using HTTPS purely for encryption, because the authentication is done in-band. So, a self-signed cert was wholly sufficient. The management tools use a RESTful interface over HTTPS for control, but you are telling me this will be broken by default now. What do I tell our developers (who often adopt the latest and greatest versions of things to play with)?
If they play with the newest version before actually using it in production, all is well. You can then tell them that they have four options:
- not upgrade to the newest Python release (at least not until they are willing to pursue any of the other alternatives)
- update the code to disable cert validation, or explicitly add the self-signed cert as a trusted one programmatically.
- update the client system configuration, to add the self-signed certificate as trusted (system-wide or per user).
- update the server, to use a cert signed by one of the trusted CAs.
Regards, Martin
- Previous message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Next message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]