This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author ronaldoussoren
Recipients benjamin.peterson, brian.curtin, christian.heimes, dilettant, dstufft, eric.araujo, esc24, georg.brandl, larry, loewis, mlen, ned.deily, orsenthil, pitrou, ronaldoussoren
Date 2014-02-28.13:23:31
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1393593812.86.0.154210739416.issue17128@psf.upfronthosting.co.za>
In-reply-to
Content 
AFAIK OpenSSL has hooks that can be called when a certificate needs to be validated. If I my memory is correct this could be used to validate certificates using a public API (basically doing the same as Apple's patch, but using public APIs for the system and OpenSSL).

This has one significant risk though: as we've found at a couple of times (such as with the _scproxy extension) Apple's API don't necessary play along nicely when you use execv without fork or fork without execv :-(. I have no idea if Apple's preferred crypto APIs suffer from this problem.
History
Date User Action Args
2014-02-28 13:23:33ronaldoussorensetrecipients: + ronaldoussoren, loewis, georg.brandl, orsenthil, pitrou, larry, christian.heimes, benjamin.peterson, ned.deily, eric.araujo, brian.curtin, esc24, dilettant, dstufft, mlen
2014-02-28 13:23:32ronaldoussorensetmessageid: <1393593812.86.0.154210739416.issue17128@psf.upfronthosting.co.za>
2014-02-28 13:23:32ronaldoussorenlinkissue17128 messages
2014-02-28 13:23:31ronaldoussorencreate