[issue23857] [RFE] Make certificate verification optionable
STINNER Victor
report at bugs.python.org
Fri Apr 3 14:14:11 CEST 2015
STINNER Victor added the comment:
This issue is related to the PEP 476 which made the SSL certification checks mandatory by default.
The PEP contains a section to explain how to opt-out, but the solution is global:
https://www.python.org/dev/peps/pep-0476/#opting-out
I understand that Robert wants a finer grain.
> [https] # each protocol affected by cert-verification got its own section
I'm not sure that the configuration should be made on the protocol. We may configure it per Python module (if we choose to accept the enhancement, I'm not convinced that it's good idea). Maybe it's a stupid idea, for example urllib and httplib are both used for HTTPS. But what about xmlrpclib? Should it follow the same policy?
> 2) certificate verification is optional already, is it not? That is, it can be turned off in your code, it is just on by default.
It requires to modify applications. Robert wants something to keep the Python 2.7.8 behaviour on Python 2.7.9 and newer. (Python 2.7.9 made SSL check mandatory by default, or is it only scheduled for Python 2.7.10? I don't remember :-()
> 3) what downstream are you talking about?
Robert and me are working for Red Hat.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue23857>
_______________________________________
More information about the Python-bugs-list
mailing list