Message 181341 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	christian.heimes, pitrou
Date	2013-02-04.16:14:32
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1359994472.8.0.804183286731.issue17123@psf.upfronthosting.co.za>
In-reply-to

Content
Python's ssl module doesn't support OCSP [1]. The example code at [2] doesn't look too complicated. We should consider OCSP at least for 3.4 and may want to backport it to older versions to prevent MITM attacks on PyPI downloads. [1]http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol) [2] http://etutorials.org/Programming/secure+programming/Chapter+10.+Public+Key+Infrastructure/10.12+Checking+Revocation+Status+via+OCSP+with+OpenSSL/

Python's ssl module doesn't support OCSP [1]. The example code at [2] doesn't look too complicated. We should consider OCSP at least for 3.4 and may want to backport it to older versions to prevent MITM attacks on PyPI downloads.


[1]http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol)
[2] http://etutorials.org/Programming/secure+programming/Chapter+10.+Public+Key+Infrastructure/10.12+Checking+Revocation+Status+via+OCSP+with+OpenSSL/

History
Date	User	Action	Args
2013-02-04 16:14:32	christian.heimes	set	recipients: + christian.heimes, pitrou
2013-02-04 16:14:32	christian.heimes	set	messageid: <1359994472.8.0.804183286731.issue17123@psf.upfronthosting.co.za>
2013-02-04 16:14:32	christian.heimes	link	issue17123 messages
2013-02-04 16:14:32	christian.heimes	create