Message202245
Developers are still surprised that Python's ssl library doesn't validate SSL certs by default. We should add a *big* warning to the SSL module as well as to all consumers (http, ftp, imap, pop, smtp, nntp ...) that neither the CA cert chain nor the hostname is validated by default. (AFAIK only http.client does match_hostname()).

Date | User | Action | Args
2013-11-05 22:52:08 | christian.heimes | set | recipients: + christian.heimes, janssen, pitrou, giampaolo.rodola, docs@python
2013-11-05 22:52:07 | christian.heimes | set | messageid: <1383691927.99.0.022250098505.issue19508@psf.upfronthosting.co.za>
2013-11-05 22:52:07 | christian.heimes | link | issue19508 messages
2013-11-05 22:52:07 | christian.heimes | create |
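
An added example, not part of the original message or of CPython: a small audit of an `ssl.SSLContext` for the two checks the message names, CA chain validation and hostname matching. The function names are hypothetical, the unverified context is built explicitly to reproduce the behaviour described, and Python 3.6+ is assumed.

```python
import ssl


def audit_context(ctx):
    """Return which of the two checks named in the message this context skips."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("CA cert chain not validated")
    if not ctx.check_hostname:
        findings.append("hostname not validated")
    return findings


def unverified_context():
    """Context with both checks off (constructed to mirror the described behaviour)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # check_hostname must be cleared first; CERT_NONE is rejected while it is set.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def chain_only_context():
    """Chain is validated but any certificate from a trusted CA is accepted."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # verify_mode stays CERT_REQUIRED
    return ctx


def verified_context(cafile=None):
    """Both checks on; cafile optionally pins a private CA bundle."""
    return ssl.create_default_context(cafile=cafile)


if __name__ == "__main__":
    for name, build in [("unverified", unverified_context),
                        ("chain only", chain_only_context),
                        ("verified", verified_context)]:
        print(name, "->", audit_context(build()) or "ok")
```

Running `audit_context` over the context a protocol client (smtplib, imaplib, ftplib, ...) is given shows whether that connection authenticates the peer at all.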