[issue18233] SSLSocket.getpeercertchain()

Chet Nichols III report at bugs.python.org
Fri May 12 18:52:05 EDT 2017


Chet Nichols III added the comment:

Oh yeah, definitely not trustworthy at all. In my case, I am not processing the peer chain to actually verify trust, but I am still interested in inspecting the chain.

Dangerous or not, and regardless of what almost all people should *actually* be doing, SSL_get_peer_cert_chain exists for a reason, just like SSL_get_peer_certificate exists for a reason. If Python includes a standard SSL library, it should be transparent in the interface it offers, for the mere reason that the library becomes more powerful.

If the overall consensus is that the library should protect most people against common pitfalls and security mistakes, then I guess that's the route to continue on. However, I would be disappointed that we would be blacklisting the exposure of underlying library features based on the mere belief that people don't understand them enough!

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue18233>
_______________________________________
