Message242781
Please let me join the party. :)
Like Antoine and Donald I'm against an option to disable certificate validation. I truly believe it's the wrong approach for the problem.
Users don't *want* to disable security checks either. They disable the check because an SSL verification error is disruptive and they want to get on with their lives. Because with Python they have no other easy option, they take the quick and easy path. *Yoda's voice* If you end SSL verification now - if you choose the quick and easy path as others did - you will become an agent of evil.
I'd like to suggest a better way. Let's handle cert checks like Firefox or OpenSSH. Both give you the option to trust an unknown certificate for a specific host name and remember this trust, too. Let's add a feature to do the same with Python. Yes, it would require more work, additional features and careful engineering. But I strongly believe it's the better approach.
Rough design idea:
$ python ssl trustcert https://192.168.42.1
This command retrieves the cert from 192.168.42.1:443 and stores the mapping of 192.168.42.1 to SPKI sha512 hash in a file/directory relative to sys.prefix.
When an ssl._create_stdlib_context() context gets a verification error, then it checks the file for the hostname and SPKI hash of the leaf certificate.
This feature requires access to SPKI as DER and a proper verify_cb callback function. Disclaimer: I have code for the first feature and a plan for the second.

Date | User | Action | Args
2015-05-08 22:14:38 | christian.heimes | set | recipients: + christian.heimes, lemburg, barry, doko, ncoghlan, janssen, pitrou, vstinner, alex, r.david.murray, bkabrda, dstufft, rkuska
2015-05-08 22:14:38 | christian.heimes | set | messageid: <1431123278.42.0.615455343741.issue23857@psf.upfronthosting.co.za>
2015-05-08 22:14:38 | christian.heimes | link | issue23857 messages
2015-05-08 22:14:38 | christian.heimes | create |
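
The per-host SPKI pin check sketched in the message above, as an added example that is not part of the original message and not CPython code. All function names are hypothetical, an in-memory dict stands in for the file under sys.prefix, and the sample certificate is a constructed DER skeleton rather than a real one.

```python
import hashlib
import hmac

def _tlv(data, pos):
    """Read one DER TLV header at pos; return (tag, value_start, value_end)."""
    tag, length = data[pos], data[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    if pos + length > len(data):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def spki_der(cert_der):
    """Return the DER bytes of subjectPublicKeyInfo from an X.509 certificate."""
    _, pos, _ = _tlv(cert_der, 0)      # Certificate SEQUENCE
    _, pos, _ = _tlv(cert_der, pos)    # tbsCertificate SEQUENCE
    tag, _, end = _tlv(cert_der, pos)
    if tag == 0xA0:                    # optional explicit [0] version
        pos = end
    for _ in range(5):                 # serialNumber, signature, issuer, validity, subject
        _, _, pos = _tlv(cert_der, pos)
    tag, _, end = _tlv(cert_der, pos)
    if tag != 0x30:
        raise ValueError("subjectPublicKeyInfo not found")
    return cert_der[pos:end]

def spki_sha512(cert_der):
    return hashlib.sha512(spki_der(cert_der)).hexdigest()

def trust_cert(store, host, cert_der):
    """Record the pin for one host, as the proposed trustcert command would."""
    store[host] = spki_sha512(cert_der)

def is_trusted(store, host, cert_der):
    """Fallback after a verification error: accept only the key pinned for this exact host."""
    pinned = store.get(host)
    return pinned is not None and hmac.compare_digest(pinned, spki_sha512(cert_der))

# Constructed sample: a skeletal DER certificate (empty names and algorithms), not a real one.
def _enc(tag, value):  # short-form length only; enough for the sample
    return bytes([tag, len(value)]) + value
def sample_cert(key_bytes, serial=1):
    spki = _enc(0x30, _enc(0x30, b"") + _enc(0x03, b"\x00" + key_bytes))
    tbs = (_enc(0xA0, _enc(0x02, b"\x02")) + _enc(0x02, bytes([serial])) + _enc(0x30, b"")
           + _enc(0x30, b"") + _enc(0x30, b"") + _enc(0x30, b"") + spki)
    return _enc(0x30, _enc(0x30, tbs) + _enc(0x30, b"") + _enc(0x03, b"\x00")), spki
```

Because the pin covers the public key rather than the whole certificate, a reissued certificate carrying the same key still matches, while a different key or a different host does not.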