Author christian.heimes
Recipients christian.heimes, gvanrossum, pitrou
Date 2013-10-19.16:09:50
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <5262AECC.9080109@cheimes.de>
In-reply-to <CAP7+vJJw1e=jT7M8rNWULYBZjD3yaV=pm0Fu=7z7Y7zvYaH5hg@mail.gmail.com>
Content
Am 19.10.2013 18:02, schrieb Guido van Rossum:
> @Christian: What is holding up those patches? I don't believe we should be
> in the business of distributing certificates -- we should however make it
> easy to use the system certificates.

The usual issues: lack of time and too much to do.

> 
> @Antoine: I still claim that a flag that defaults to no security is a
> vulnerability -- nobody reads warnings in docs until *after* they've been
> bitten. It should be an explicit choice in the script or app to disable
> certificate checking. If you can't access a server because its certificate
> is expired, how is that different than any other misconfiguration that
> makes a server inaccessible until its administrator fixes it?

It would be nice to add a feature to the SSL module that behaves like
browsers: white list a cert's SPKI (subject private key info) for a FQDN
+ Port.

Christian
History
Date User Action Args
2013-10-19 16:09:50christian.heimessetrecipients: + christian.heimes, gvanrossum, pitrou
2013-10-19 16:09:50christian.heimeslinkissue19292 messages
2013-10-19 16:09:50christian.heimescreate