This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author pitrou
Recipients alex, barry, bkabrda, doko, dstufft, janssen, ncoghlan, pitrou, r.david.murray, rkuska, vstinner
Date 2015-04-04.11:08:32
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1428145712.72.0.915835001396.issue23857@psf.upfronthosting.co.za>
In-reply-to
Content
I agree with Donald on all points. This shouldn't be done at the language level at all (why should it apply only to Python-written tools?). Having a centralized setting saying "I relinquish security on HTTPS accesses" sounds like a bad idea. And if this is solely for the "support legacy systems" business of some vendors, then it sounds like it may be close to Alex's post here :-)
https://alexgaynor.net/2015/mar/30/red-hat-open-source-community/

It's already possible to disable HTTPS certificate checking by using the right SSLContext options, at least with urllib and http.client.
History
Date User Action Args
2015-04-04 11:08:32pitrousetrecipients: + pitrou, barry, doko, ncoghlan, janssen, vstinner, alex, r.david.murray, bkabrda, dstufft, rkuska
2015-04-04 11:08:32pitrousetmessageid: <1428145712.72.0.915835001396.issue23857@psf.upfronthosting.co.za>
2015-04-04 11:08:32pitroulinkissue23857 messages
2015-04-04 11:08:32pitroucreate