Author christian.heimes
Recipients Arfrever, Giovanni.Bajo, alexis, barry, benjamin.peterson, christian.heimes, devin, dstufft, eric.araujo, fdrake, georg.brandl, jwilk, larry, loewis, pitrou, richard, skrah, tarek, techtonik
Date 2013-11-22.21:25:22
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <57810381-2cdb-4b04-b1c1-9cf6ec8cadcc@email.android.com>
In-reply-to <1385154623.35.0.823063484564.issue12226@psf.upfronthosting.co.za>
Content
How about:

- load ca cert from default verify locations
- try connect with CERT_REQUIRED
- print warning when cert validation fails and try again with CERT_NONE
- match hostname otherwise

At least this warns the user about the issue. Is there way to distinguish between CA missing and other failures?

Antoine Pitrou <report@bugs.python.org> schrieb:
>
>Antoine Pitrou added the comment:
>
>Well, passive attacks are the easiest to mount by a casual attacker, so
>I think this is important to get in.
>
>----------
>
>_______________________________________
>Python tracker <report@bugs.python.org>
><http://bugs.python.org/issue12226>
>_______________________________________
History
Date User Action Args
2013-11-22 21:25:22christian.heimessetrecipients: + christian.heimes, loewis, fdrake, barry, richard, georg.brandl, pitrou, larry, techtonik, benjamin.peterson, tarek, jwilk, eric.araujo, Arfrever, skrah, alexis, devin, Giovanni.Bajo, dstufft
2013-11-22 21:25:22christian.heimeslinkissue12226 messages
2013-11-22 21:25:22christian.heimescreate