[issue23857] Make default HTTPS certificate verification setting configurable via global ini file
Robert Kuska
report at bugs.python.org
Tue Apr 7 11:09:10 CEST 2015
Robert Kuska added the comment:
>Le 06/04/2015 13:29, Nick Coghlan a écrit :
>>
>> So while this isn't a feature upstream itself needs, it's one
potentially needed by multiple *downstreams*, so in my view it makes
sense for us to work with upstream to come up with the "one obvious way"
for redistributors to handle the problem (now that we know that my
initial attempt at providing such a way doesn't work in practice).
>
>So would it be possible for the actual implementation to be done outside
of CPython? (in a dedicated fork, for example)
Yes it would and most likely will be, but as Nick pointed out, it is important to come up with the "one obvious way".
I understand why my patch is not acceptable for the upstream, it was my first shot (yet suitable for us) to start a discussion about cert verification.
>From the proposed solutions mentioned I favour the ENV variable which would address also Donald concerns, using ENV variable per application to enable/disable cert verification instead of global enable/disable, (yet it could be also `export`ed for global settings), are there any real disadvantages of using this method?
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue23857>
_______________________________________
More information about the Python-bugs-list
mailing list