This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author lemburg
Recipients alex, barry, bkabrda, christian.heimes, doko, dstufft, janssen, lemburg, ncoghlan, pitrou, r.david.murray, rkuska, vstinner
Date 2015-05-08.22:35:51
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <554D3A34.8090206@egenix.com>
In-reply-to <1431123619.83.0.326467902643.issue23857@psf.upfronthosting.co.za>
Content 
Those are nice ideas, but you are forgetting two important points:

 * browsers are typically only being used by single users,
   applications by potentially hundreds or thousands of users

 * how should the poor sys admin who's task it is to keep Python
   up to date know which SSL certs to add to the trust store ?

E.g. assume your application fetches user comments for sentiment
analysis from a few thousand sites, or gathers status updates
from a few hundred routers and switches you have installed
at your site, or even more difficult: an application which
tries to map your IT world of a few thousand network nodes,
scanning port 443 for useful information.

For eGenix PyRun we have now implemented an env var PYRUN_HTTPSVERIFY
which can be set to 0 to disable the checks and revert back to
Python 2.7.8 standards, if necessary, on a per process basis.
History
Date User Action Args
2015-05-08 22:35:51lemburgsetrecipients: + lemburg, barry, doko, ncoghlan, janssen, pitrou, vstinner, christian.heimes, alex, r.david.murray, bkabrda, dstufft, rkuska
2015-05-08 22:35:51lemburglinkissue23857 messages
2015-05-08 22:35:51lemburgcreate