[Python-Dev] PEP 476: Enabling certificate validation by default!

Alex Gaynor alex.gaynor at gmail.com
Wed Sep 3 19:15:13 CEST 2014


Ethan Furman <ethan stoneleaf.us> writes:

I apologize if I missed this point, but if we have the source code then it is possible to go in and directly modify the application/utility to be able to talk over https to a router with an invalid certificate? This is an option when creating the sslcontext?

-- Ethan

Yes, it's totally possible to create (and pass to http.client) an SSLContext which doesn't verify various things. My proposal is only about changing what happens when you don't explicitly pass a context.

Cheers, Alex
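
The distinction drawn in the reply above, as an added example that is not part of the original message or of the PEP: a context built with defaults verifies the peer, and skipping verification takes an explicit context passed for one connection. The host address is a constructed placeholder, and the helper names are hypothetical.

```python
import http.client
import ssl

ROUTER_HOST = "192.0.2.1"  # constructed placeholder (TEST-NET-1), not from the thread


def default_context():
    """Context with verification on: what callers get without opting out."""
    return ssl.create_default_context()


def unverified_context():
    """Explicit opt-out for one known device with an invalid certificate."""
    ctx = ssl.create_default_context()
    # Order matters: hostname checking must be disabled first, otherwise
    # assigning CERT_NONE raises ValueError.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def wrong_order_is_rejected():
    """Return True if CERT_NONE is refused while check_hostname is still on."""
    ctx = ssl.create_default_context()
    try:
        ctx.verify_mode = ssl.CERT_NONE
    except ValueError:
        return True
    return False


def summarize(ctx):
    """Report the two settings that decide whether the peer is authenticated."""
    return {"verify_mode": ctx.verify_mode, "check_hostname": ctx.check_hostname}


def router_connection():
    """Build (without connecting) a connection that skips verification for
    this one host only; other connections keep their own context."""
    return http.client.HTTPSConnection(
        ROUTER_HOST, context=unverified_context(), timeout=5
    )


if __name__ == "__main__":
    print("default   :", summarize(default_context()))
    print("opted out :", summarize(unverified_context()))
    print("wrong order rejected:", wrong_order_is_rejected())
    print("router connection host:", router_connection().host)
```

Keeping the opt-out in a context object attached to a single connection leaves every other HTTPS call in the application on the verifying default.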


