Message204649
re: cert_paths = [...]
This approach is rather problematic, there's no guarantee that a path trusted on one system is trusted on another.
I saw this in setuptools branch, where it does:
for path in cert_path:
if os.path.exists(path)
return path
Let's say you're user1 on osx and your native true path is "/System/Library/OpenSSL/certs/cert.pem", can you guarantee that someone else, user2, cannot sneak their hacked files into "/etc/pki/" (presumably missing altogether) or "/usr/local/share/"?
Because if user2 can do that, suddenly user1 verifies all traffic against hacked ca list. |
|
Date |
User |
Action |
Args |
2013-11-28 13:08:11 | Dima.Tisnek | set | recipients:
+ Dima.Tisnek, loewis, barry, jcea, pitrou, christian.heimes, benjamin.peterson, eric.araujo, Arfrever, naif, icordasc, dstufft, fweimer, lnussel |
2013-11-28 13:08:11 | Dima.Tisnek | set | messageid: <1385644091.52.0.0091104416292.issue13655@psf.upfronthosting.co.za> |
2013-11-28 13:08:11 | Dima.Tisnek | link | issue13655 messages |
2013-11-28 13:08:09 | Dima.Tisnek | create | |
|