Message192639
> I think we can improve the situation with shipping our own CA certs.
> Almost every operating system or distribution comes with a set of CA
> certs.
Why would we ship our own CA certs if every OS comes with CA certs?
> I lots of Linux distributions and most BSD systems. All except
> FreeBSD install CA certs by default. A fresh FreeBSD systems doesn't
> have certs but ``pkg_add -r ca-root-nss`` fixes that.
Kudos to FreeBSD.
Anyway, isn't SSLContext.set_default_verify_paths() enough already?
> Here is a full list: [snip full list]
I don't think it's a good idea to maintain a list of hard-coded
paths in Python: it's not manageable, and it will always become
outdated. If there was a widely-respected standard (e.g. in FHS or
LSB), things would be a lot better. |
|
Date |
User |
Action |
Args |
2013-07-08 11:56:42 | pitrou | set | recipients:
+ pitrou, loewis, barry, jcea, christian.heimes, benjamin.peterson, eric.araujo, Arfrever, naif, icordasc, fweimer |
2013-07-08 11:56:42 | pitrou | link | issue13655 messages |
2013-07-08 11:56:41 | pitrou | create | |
|