This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author chet
Recipients asmodai, chet, christian.heimes, dsoprea, dstufft, jcea, maker, miki725, mmasztalerczuk, pitrou, underrun
Date 2017-05-12.22:52:05
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1494629525.51.0.901023098796.issue18233@psf.upfronthosting.co.za>
In-reply-to
Content 
Oh yeah, definitely not trustworthy at all. In my case, I am not processing the peer chain to actually verify trust, but I am still interested in inspecting the chain.

Dangerous or not, and regardless of what almost all people should *actually* be doing, SSL_get_peer_cert_chain exists for a reason, just like SSL_get_peer_certificate exists for a reason. If Python includes a standard SSL library, it should be transparent in the interface it offers, for the mere reason that the library becomes more powerful.

If the overall consensus is that the library should protect most people against common pitfalls and security mistakes, then I guess that's the route to continue on. However, I would be disappointed that we would be blacklisting  the exposure of underlying library features based on the mere belief that people don't understand them enough!
History
Date User Action Args
2017-05-12 22:52:05chetsetrecipients: + chet, jcea, pitrou, christian.heimes, asmodai, maker, underrun, dstufft, dsoprea, miki725, mmasztalerczuk
2017-05-12 22:52:05chetsetmessageid: <1494629525.51.0.901023098796.issue18233@psf.upfronthosting.co.za>
2017-05-12 22:52:05chetlinkissue18233 messages
2017-05-12 22:52:05chetcreate