Le 05/04/2015 21:26, Marc-Andre Lemburg a écrit :
> 
> But this is only an example of an application not working anymore
> because the system's OpenSSL could not verify certificates.
> In this case, no root CA certs were available. On older systems
> with proper root CA certs, it's likely that the newer CA certs
> needed to verify the PyPI certificates are not installed...
> and yes: those system do exist and are in active use, simply because
> they cannot be upgraded for other reasons :-)

Let's sum it up:

- the machine can't be upgraded, but you are upgrading Python by hand
(hand-compiled?)

- OpenSSL is installed but there are no root CA certs (?!)

- the machine probably isn't ever doing a single verified HTTPS access,
for the previous reason, and nobody cares about it

- you want to be able to use unauthenticated HTTPS to download and
install software from the Internet

And, since this is an AIX machine, I'm presuming this isn't a hobbyist's
setup, but an enterprise system with paid-for support and licenses,
right? And you want the python-dev community to care for that broken
situation by bearing the cost of additional maintenance and security
risk in implementing the new configuration options?