Author pitrou
Recipients kiilerix, loewis, pitrou
Date 2011-03-10.16:57:06
Message-id <1299776222.3808.23.camel@localhost.localdomain>
In-reply-to <1299768444.64.0.707969918835.issue10795@psf.upfronthosting.co.za>
Content
> I'd rather recommend a different approach, where the set of CAs
> doesn't need to be specified for every module that directly or
> indirectly uses SSL. Instead, there should be support for a
> thread-local setting of the allowable CAs, and then no API changes are
> necessary.

While thread-local variables are fine in applications, I think they
should be avoided in libraries (especially the stdlib). There are too
many pitfalls (for example: the user decides to offload a network task
to a separate thread and different SSL parameters get silently used).

The API changes are quite simple, both in concept and in implementation.
I think explicit is really better than implicit when it comes to
security-critical parameters.
History
Date User Action Args
2011-03-10 16:57:07 pitrou set recipients: + pitrou, loewis, kiilerix
2011-03-10 16:57:06 pitrou link issue10795 messages
2011-03-10 16:57:06 pitrou create
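
The pitfall named in the message above (a network task moved to another thread silently getting different SSL parameters), shown as an added example that is not part of the original message or of CPython's code. The names `set_thread_ca_policy`, `implicit_context` and `explicit_context` are hypothetical, and the lax fallback is an assumption that mirrors the no-verification default `ssl.wrap_socket` had at the time.

```python
import ssl
import threading
from concurrent.futures import ThreadPoolExecutor

# Hypothetical library-side state: TLS policy stored per thread (implicit design).
_tls_settings = threading.local()

def set_thread_ca_policy(verify: bool) -> None:
    """Hypothetical setter the application calls once, from its main thread."""
    _tls_settings.verify = verify

def implicit_context() -> ssl.SSLContext:
    """Library helper that builds its context from the thread-local policy."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED by default
    if not getattr(_tls_settings, "verify", False):
        # No policy visible in *this* thread: fall back to no verification
        # (assumed default). Nothing is raised or logged.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx

def explicit_context(ctx: ssl.SSLContext) -> ssl.SSLContext:
    """Explicit design: the context passed by the caller is the only input."""
    return ctx

def run_in_worker(fn, *args):
    """Offload a call to a separate thread, as an application might do later."""
    with ThreadPoolExecutor(max_workers=1) as pool:
        return pool.submit(fn, *args).result()

def demo() -> dict:
    set_thread_ca_policy(True)                        # set in the main thread only
    strict = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # passed explicitly below
    return {
        "implicit_main": implicit_context().verify_mode,
        "implicit_worker": run_in_worker(implicit_context).verify_mode,
        "explicit_worker": run_in_worker(explicit_context, strict).verify_mode,
    }

if __name__ == "__main__":
    for name, mode in demo().items():
        print(f"{name:16} {mode.name}")
```

Auditing a code base for this class of bug means checking every place a context is built from ambient state rather than from an argument, since the worker-thread downgrade produces no error.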