This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author pitrou
Recipients alex, barry, bkabrda, doko, dstufft, janssen, ncoghlan, pitrou, r.david.murray, rkuska, vstinner
Date 2015-04-04.11:08:32
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
I agree with Donald on all points. This shouldn't be done at the language level at all (why should it apply only to Python-written tools?). Having a centralized setting saying "I relinquish security on HTTPS accesses" sounds like a bad idea. And if this is solely for the "support legacy systems" business of some vendors, then it sounds like it may be close to Alex's post here :-)

It's already possible to disable HTTPS certificate checking by using the right SSLContext options, at least with urllib and http.client.
Date User Action Args
2015-04-04 11:08:32pitrousetrecipients: + pitrou, barry, doko, ncoghlan, janssen, vstinner, alex, r.david.murray, bkabrda, dstufft, rkuska
2015-04-04 11:08:32pitrousetmessageid: <>
2015-04-04 11:08:32pitroulinkissue23857 messages
2015-04-04 11:08:32pitroucreate