[Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)
Ben Hoyt
benhoyt at gmail.com
Mon Jun 3 11:57:10 CEST 2013
>> I'm not familiar with Unix/Linux, but on Windows, if it's anything
>> like mimetypes it'll be really hard to get consistent behaviour across
>> different boxes/versions from the registry, or wherever certs might be
>> stored on Windows. I'd much rather have a slightly outdated but
>> consistent experience by default.
>
> The problem with a "slightly outdated" CA store is that it can be a
> security risk.
True. This is different from mimetypes in that respect.
Also, with Christian's post about Windows cert store, it does look
like Windows has a stable/documented way to get this from the system.
I wonder, are the crypt32.dll Cert* functions what IE uses?
-Ben
More information about the Python-Dev
mailing list