Message 335984 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	steve.dower
Recipients	chris-k, christian.heimes, paul.moore, steve.dower, tim.golden, zach.ware
Date	2019-02-19.17:17:42
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1550596662.69.0.950785041801.issue36011@roundup.psfhosted.org>
In-reply-to

Content
Thanks. This is a well-known and long-standing issue between OpenSSL and Windows, and the best workaround right now is to use the Mozilla certs directly. One day when OpenSSL is no longer part of the CPython public API, then we can consider switching to an HTTP implementation that uses the operating system support (which in my experimentation is 2-3x faster than using OpenSSL anyway, but a big breaking change for a lot of code). Until then, use the options provided by OpenSSL to enable it to verify what you need.

Thanks.

This is a well-known and long-standing issue between OpenSSL and Windows, and the best workaround right now is to use the Mozilla certs directly.

One day when OpenSSL is no longer part of the CPython public API, then we can consider switching to an HTTP implementation that uses the operating system support (which in my experimentation is 2-3x faster than using OpenSSL anyway, but a *big* breaking change for a lot of code). Until then, use the options provided by OpenSSL to enable it to verify what you need.

History
Date	User	Action	Args
2019-02-19 17:17:42	steve.dower	set	recipients: + steve.dower, paul.moore, christian.heimes, tim.golden, zach.ware, chris-k
2019-02-19 17:17:42	steve.dower	set	messageid: <1550596662.69.0.950785041801.issue36011@roundup.psfhosted.org>
2019-02-19 17:17:42	steve.dower	link	issue36011 messages
2019-02-19 17:17:42	steve.dower	create