[Python-Dev] Verification of SSL cert and hostname made easy

[Antoine Pitrou]

On Sun, 1 Dec 2013 21:33:06 +1000
Nick Coghlan <ncoghlan at gmail.com> wrote:
> 
> If we don't do that, then I think Christian's approach is a reasonable
> compromise given the late stage of the release cycle - it ensures the
> context can't get into the inconsistent verify_mode=CERT_NONE and
> check_hostname=True state, and leaves our options completely open for
> 3.5:

I would prefer the check to be made when the the socket is created,
i.e. the wrap_socket() call.

Regards

Antoine.