New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Stop recommending CACert.org in the SSL documentation #65242
Comments
CACert is not in the root trust store on *any* platform that I'm aware of, and has not passed any audits. See http://lwn.net/SubscriberLink/590879/ce23ed7bab68e489/ for more background. In it's place I've added StartSSL, which is included in most (all?) root trust stores, and offers free certs. |
I completely agree, it seems less than good to recommend CACert. |
That whole paragraph in the documentation is weird. Usually, you don't download select root certificates from various CAs, you just elect to trust a predetermined set of root certs (the system ones, usually). I would suggest rewording it and dropping the various download URLs. (and if the suggestion to provide the full chain is obsolete for SSLv3 and TLSv1, then similarly it may be dropped entirely - we needn't support SSLv2 specificities in the docs) |
It's quite old (that paragraph) likely it was written that way because back then Python didn't have a way to load certificates. |
I've attempted to modernize the paragraph. |
Removed 2.7 since there's no API for getting the platform certs. |
The latest patch looks good to me. |
Looks good to me too. |
New changeset 6f776c91da08 by Donald Stufft in branch '3.4': |
New changeset 0485552b487e by Donald Stufft in branch 'default': |
New changeset 7ef262eafecd by Donald Stufft in branch '2.7': |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: