This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients Arfrever, Giovanni.Bajo, alexis, barry, benjamin.peterson, christian.heimes, devin, dstufft, eric.araujo, fdrake, georg.brandl, jwilk, larry, loewis, pitrou, richard, skrah, tarek, techtonik
Date 2013-11-22.21:25:22
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <57810381-2cdb-4b04-b1c1-9cf6ec8cadcc@email.android.com>
In-reply-to <1385154623.35.0.823063484564.issue12226@psf.upfronthosting.co.za>
Content 
How about:

- load ca cert from default verify locations
- try connect with CERT_REQUIRED
- print warning when cert validation fails and try again with CERT_NONE
- match hostname otherwise

At least this warns the user about the issue. Is there way to distinguish between CA missing and other failures?

Antoine Pitrou <report@bugs.python.org> schrieb:
>
>Antoine Pitrou added the comment:
>
>Well, passive attacks are the easiest to mount by a casual attacker, so
>I think this is important to get in.
>
>----------
>
>_______________________________________
>Python tracker <report@bugs.python.org>
><http://bugs.python.org/issue12226>
>_______________________________________
History
Date User Action Args
2013-11-22 21:25:22christian.heimessetrecipients: + christian.heimes, loewis, fdrake, barry, richard, georg.brandl, pitrou, larry, techtonik, benjamin.peterson, tarek, jwilk, eric.araujo, Arfrever, skrah, alexis, devin, Giovanni.Bajo, dstufft
2013-11-22 21:25:22christian.heimeslinkissue12226 messages
2013-11-22 21:25:22christian.heimescreate