Message 117611 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	asdfasdfasdfasdfasdfasdfasdf
Recipients	asdfasdfasdfasdfasdfasdfasdf, docs@python, orsenthil, pitrou
Date	2010-09-29.14:32:08
SpamBayes Score	0.004523941
Marked as misclassified	No
Message-id	<AANLkTinWkSQQxzuwJJO94PC7XOTDjqeG0qAcuZCvKzCi@mail.gmail.com>
In-reply-to	<1285765909.3168.13.camel@localhost.localdomain>

Content
Yes totally imho these modules should get fixed to actually do ssl checking. This means that most users of these methods, even if they think they are doing it properly as per the ssl module page, are still vulnerable to attack. I will add this comment to the bug you linked to above. As an example, it only took a few minutes to confirm that the default bzr install on ubuntu is vulnerable -> https://bugs.edge.launchpad.net/bzr/+bug/651161 (bzr is only vulnerable if pycurl isn't installed but pycurl is only a suggestion not a dependency ... ).

Yes totally imho these modules should get fixed to actually do ssl checking.
This means that most users of these methods, even if they think they
are doing it properly as per the ssl module page, are still vulnerable
to attack.

I will add this comment to the bug you linked to above.
As an example, it only took a few minutes to confirm that the default
bzr install on ubuntu is vulnerable ->
https://bugs.edge.launchpad.net/bzr/+bug/651161
(bzr is only vulnerable if pycurl isn't installed but pycurl is only a
suggestion not a dependency ... ).

History
Date	User	Action	Args
2010-09-29 14:32:10	asdfasdfasdfasdfasdfasdfasdf	set	recipients: + asdfasdfasdfasdfasdfasdfasdf, orsenthil, pitrou, docs@python
2010-09-29 14:32:08	asdfasdfasdfasdfasdfasdfasdf	link	issue9983 messages
2010-09-29 14:32:08	asdfasdfasdfasdfasdfasdfasdf	create