Message 213510 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	r.david.murray
Recipients	christian.heimes, ezio.melotti, loewis, pitrou, r.david.murray, rhettinger, vstinner
Date	2014-03-14.01:48:00
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1394761681.48.0.0368871951763.issue20913@psf.upfronthosting.co.za>
In-reply-to

Content
To expand on that point a little: in the past, I could happily use the SMTP_SSL class (say) without thinking about certificates or server hostname verification, or pretty much of anything. This produced no verification, of course, which is the problem we are trying to solve. So we should have recipes somewhere in the docs that show how to use these facilities securely. It isn't obvious what the default security level currently is.

To expand on that point a little: in the past, I could happily use the SMTP_SSL class (say) without thinking about certificates or server hostname verification, or pretty much of anything.  This produced no verification, of course, which is the problem we are trying to solve.  So we should have recipes *somewhere* in the docs that show how to use these facilities securely.  It isn't obvious what the default security level currently is.

History
Date	User	Action	Args
2014-03-14 01:48:01	r.david.murray	set	recipients: + r.david.murray, loewis, rhettinger, pitrou, vstinner, christian.heimes, ezio.melotti
2014-03-14 01:48:01	r.david.murray	set	messageid: <1394761681.48.0.0368871951763.issue20913@psf.upfronthosting.co.za>
2014-03-14 01:48:01	r.david.murray	link	issue20913 messages
2014-03-14 01:48:00	r.david.murray	create