Author pitrou
Recipients Arfrever, alexis, barry, eric.araujo, fdrake, jwilk, loewis, pitrou, skrah, tarek, techtonik
Date 2011-06-07.11:16:05
SpamBayes Score 0.000207967
Marked as misclassified No
Message-id <1307445365.99.0.689464535688.issue12226@psf.upfronthosting.co.za>
In-reply-to
Content
> If you make an HTTPS connection without checking the certificate, what 
> security does it add?

Well, it does prevent the most trivial class of attacks (sniffing).
That said, Python has support for certificate checking, especially in 3.2+, so you should use that. You could e.g. bundle the CACert root certificate with the distribution.
History
Date User Action Args
2011-06-07 11:16:06pitrousetrecipients: + pitrou, loewis, fdrake, barry, techtonik, tarek, jwilk, eric.araujo, Arfrever, skrah, alexis
2011-06-07 11:16:05pitrousetmessageid: <1307445365.99.0.689464535688.issue12226@psf.upfronthosting.co.za>
2011-06-07 11:16:05pitroulinkissue12226 messages
2011-06-07 11:16:05pitroucreate