This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author ned.deily
Recipients benjamin.peterson, brian.curtin, christian.heimes, dilettant, dstufft, eric.araujo, esc24, georg.brandl, larry, loewis, mlen, ned.deily, orsenthil, pitrou, ronaldoussoren
Date 2014-02-28.08:28:01
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1393576081.81.0.155516442205.issue17128@psf.upfronthosting.co.za>
In-reply-to
Content 
Crys, as Ronald noted above: "Now that I look at that code again: we can't extract that code and use it to patch upstream OpenSSL, the TrustEvaluationAgent framework is a private framework and hence off limits."  It doesn't seem like a good idea to be trying to base security on a private, undocumented framework and one that can change from OS X release to OS X release: our binary installers for OS X are designed to support multiple OS X versions.  I think the certsync approach is safer and more robust.  The other approach would be to directly use Apple's crypto APIs rather than OpenSSL but that would be a lot of work and a lot of testing and would also be more coupled to specific OS X releases.
History
Date User Action Args
2014-02-28 08:28:01ned.deilysetrecipients: + ned.deily, loewis, georg.brandl, ronaldoussoren, orsenthil, pitrou, larry, christian.heimes, benjamin.peterson, eric.araujo, brian.curtin, esc24, dilettant, dstufft, mlen
2014-02-28 08:28:01ned.deilysetmessageid: <1393576081.81.0.155516442205.issue17128@psf.upfronthosting.co.za>
2014-02-28 08:28:01ned.deilylinkissue17128 messages
2014-02-28 08:28:01ned.deilycreate