[Python-Dev] PEP 476: Enabling certificate validation by default! (original) (raw)

Antoine Pitrou solipsis at pitrou.net
Wed Sep 3 16:31:13 CEST 2014

• Previous message: [Python-Dev] PEP 476: Enabling certificate validation by default!
• Next message: [Python-Dev] PEP 476: Enabling certificate validation by default!
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 02 Sep 2014 21:29:16 -0400 "R. David Murray" <rdmurray at bitdance.com> wrote:

The top proposal so far is an sslcustomize.py file that could be used to either decrease or increase the default security. This is a much less handy solution than application options (eg, curl, wget) that allow disabling security for "this cert" or "this CLI session". It also is more prone to unthinking abuse since it is persistent. So perhaps it is indeed not worth it. (That's why I suggested an environment variable...something you could specify on the command line for a one-off.)

I'll be fine with not adding any hooks at all, and letting people configure their application code correctly :-)

Regards

Antoine.

• Previous message: [Python-Dev] PEP 476: Enabling certificate validation by default!
• Next message: [Python-Dev] PEP 476: Enabling certificate validation by default!
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list