This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients alex, bkabrda, dstufft, janssen, ncoghlan, pitrou, r.david.murray, rkuska, vstinner
Date 2015-04-03.12:14:11
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1428063251.76.0.896970539342.issue23857@psf.upfronthosting.co.za>
In-reply-to
Content 
This issue is related to the PEP 476 which made the SSL certification checks mandatory by default.

The PEP contains a section to explain how to opt-out, but the solution is global:
https://www.python.org/dev/peps/pep-0476/#opting-out

I understand that Robert wants a finer grain.

> [https]  # each protocol affected by cert-verification got its own section

I'm not sure that the configuration should be made on the protocol. We may configure it per Python module (if we choose to accept the enhancement, I'm not convinced that it's good idea). Maybe it's a stupid idea, for example urllib and httplib are both used for HTTPS. But what about xmlrpclib? Should it follow the same policy?

> 2) certificate verification is optional already, is it not? That is, it can be turned off in your code, it is just on by default.

It requires to modify applications. Robert wants something to keep the Python 2.7.8 behaviour on Python 2.7.9 and newer. (Python 2.7.9 made SSL check mandatory by default, or is it only scheduled for Python 2.7.10? I don't remember :-()

> 3) what downstream are you talking about?

Robert and me are working for Red Hat.
History
Date User Action Args
2015-04-03 12:14:11vstinnersetrecipients: + vstinner, ncoghlan, janssen, pitrou, alex, r.david.murray, bkabrda, dstufft, rkuska
2015-04-03 12:14:11vstinnersetmessageid: <1428063251.76.0.896970539342.issue23857@psf.upfronthosting.co.za>
2015-04-03 12:14:11vstinnerlinkissue23857 messages
2015-04-03 12:14:11vstinnercreate