Message 121343 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	pitrou
Recipients	asdfasdfasdfasdfasdfasdfasdf, eric.araujo, pitrou
Date	2010-11-17.10:31:28
SpamBayes Score	0.00437804
Marked as misclassified	No
Message-id	<1289989877.3772.2.camel@localhost.localdomain>
In-reply-to	<1289989465.27.0.72395203909.issue10441@psf.upfronthosting.co.za>

Content
> Are you referring to > http://code.python.org/hg/branches/py3k/rev/86f97255bfc8 > > where there is now > " > 2.29 + .. warning:: > 2.30 + If neither cafile nor capath is specified, an HTTPS request > 2.31 + will not do any verification of the server's certificate. > " > This doesnt' by default check the certificate does it ? > IMHO it should use a sane system capath by default and do the checking. I'm afraid Python has no business validating and distributing CA certificates. You have to use what is provided by your system libraries, if possible, and otherwise bundle your own.

> Are you referring to
> http://code.python.org/hg/branches/py3k/rev/86f97255bfc8
> 
> where there is now 
> "
>     2.29 +   .. warning::
>     2.30 +      If neither *cafile* nor *capath* is specified, an HTTPS request
>     2.31 +      will not do any verification of the server's certificate.
> "
> This doesnt' by default check the certificate does it ? 
> IMHO it should use a sane system capath by default and do the checking.

I'm afraid Python has no business validating and distributing CA
certificates. You have to use what is provided by your system libraries,
if possible, and otherwise bundle your own.

History
Date	User	Action	Args
2010-11-17 10:31:30	pitrou	set	recipients: + pitrou, eric.araujo, asdfasdfasdfasdfasdfasdfasdf
2010-11-17 10:31:28	pitrou	link	issue10441 messages
2010-11-17 10:31:28	pitrou	create