[issue19508] Add warning that Python doesn't verify SSL certs by default
Antoine Pitrou
report at bugs.python.org
Wed Nov 6 09:54:56 CET 2013
Antoine Pitrou added the comment:
There is already an entire section about this:
http://docs.python.org/dev/library/ssl.html#security-considerations
It's up to consumers of the API to choose their security policy, the ssl module merely provides building blocks to implement it. I think the ssl docs are sufficiently explicit about it right now, we're not going to add warnings every time we think something is important to read.
As for "developers [who] are still surprised", well, most of them shouldn't use the ssl module directly.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue19508>
_______________________________________
More information about the Python-bugs-list
mailing list