Message 124898 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	kiilerix
Recipients	kiilerix, pitrou
Date	2010-12-30.01:42:38
SpamBayes Score	3.1425974e-05
Marked as misclassified	No
Message-id	<1293673360.75.0.570895204435.issue10795@psf.upfronthosting.co.za>
In-reply-to

Content
As discussed on issue1589 it is now possible to create decent ssl connections with the ssl module - assuming ca_certs is specified and it is checked that the certificates matches. The standard library do however neither do that nor make it possible to do it in the places where it uses ssl. For example smtplib starttls do not make it possible at all to specify ca_certs. I suggest all uses of ssl should be reviewed - and fixed if necessary. The documentation should also be improved to make it clear what is necessary to create "secure" connections.

As discussed on issue1589 it is now possible to create decent ssl connections with the ssl module - assuming ca_certs is specified and it is checked that the certificates matches.

The standard library do however neither do that nor make it possible to do it in the places where it uses ssl. For example smtplib starttls do not make it possible at all to specify ca_certs.

I suggest all uses of ssl should be reviewed - and fixed if necessary. The documentation should also be improved to make it clear what is necessary to create "secure" connections.

History
Date	User	Action	Args
2010-12-30 01:42:40	kiilerix	set	recipients: + kiilerix, pitrou
2010-12-30 01:42:40	kiilerix	set	messageid: <1293673360.75.0.570895204435.issue10795@psf.upfronthosting.co.za>
2010-12-30 01:42:39	kiilerix	link	issue10795 messages
2010-12-30 01:42:38	kiilerix	create