Author christian.heimes
Recipients christian.heimes, gvanrossum, pitrou
Date 2013-10-19.17:08:10
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
I fear it's a bit too late in the release cycle to get it right. Feature freeze is in about a month and this is a major change. 

The set_default_verify_paths() works only on some Unix platforms when OpenSSL configured with the distribution-specific paths to CAfile or CApath. A user installation of OpenSSL will most probably not work correctly. And there is Mac OS X ... Apple has deprecated OpenSSL and doesn't provide certificates as files. Apple's build of OpenSSL is patched and re-uses the keychain API.

My Windows patch only offers certificates that already exist in Windows' cert stores. IE can trigger background downloads of yet unknown
CA certs...

IMHO we should add root CA certs for every purpose with Python and implement a way to replace the shipped certs with update packages.
Date User Action Args
2013-10-19 17:08:10christian.heimessetrecipients: + christian.heimes, gvanrossum, pitrou
2013-10-19 17:08:10christian.heimessetmessageid: <>
2013-10-19 17:08:10christian.heimeslinkissue19292 messages
2013-10-19 17:08:10christian.heimescreate