[Python-Dev] Simplify and unify SSL verification

Barry Warsaw barry at python.org
Fri Nov 8 00:09:40 CET 2013


On Nov 07, 2013, at 10:42 PM, Christian Heimes wrote:

>You misunderstood me. I'm not proposing a global SSLContext object but a
>factory function that creates a context for Python stdlib modules. Right
>now every urllib, http.client, nntplib, asyncio, ftplib, poplib and
>imaplib have duplicated code. I'd like to have ONE function that creates
>and configures a SSLContext object with sensible default values for
>Python stdlib.

I'm sure you're considering this, but I want to explicitly preserve the
ability to register self-signed certificates.  It's often necessary in
practice, but very useful for testing purposes.

ssl.SSLContext.load_cert_chain() is the way to do this, but will this be
exposed in your proposed factory function?  If not, then I think it's
critically important that whatever API is exposed in the client code not hide
the SSLContext object, such that clients of the client code can load up those
self-signed certificates after the context has been created.

-Barry
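
One way the factory and the exposed-context requirement discussed in this message could fit together, as an added example that is not code from this thread or from CPython. `make_stdlib_context`, `open_connection` and `trust_self_signed` are hypothetical names; the example builds on the standard library's `ssl.create_default_context()`.

```python
import http.client
import ssl


def make_stdlib_context(cafile=None, certfile=None, keyfile=None):
    """Hypothetical factory: the one place that builds a client-side
    SSLContext with verifying defaults. The context is returned to the
    caller, not hidden inside the client module."""
    # create_default_context() sets CERT_REQUIRED and check_hostname=True,
    # and loads the system trust store when no cafile is given.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    if certfile is not None:
        # The client's own certificate and private key (mutual TLS).
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def open_connection(host, context=None):
    """Hypothetical client helper: accepts a caller-supplied context and
    hands back the one it uses, so it can be adjusted before connecting.
    Constructing HTTPSConnection does not open a socket."""
    ctx = context if context is not None else make_stdlib_context()
    return http.client.HTTPSConnection(host, context=ctx), ctx


def trust_self_signed(ctx, pem_path):
    """Add one self-signed certificate as a trust anchor on an existing
    context. Verification and hostname checking stay enabled; only the
    set of trusted roots grows. A missing or unreadable file raises
    instead of silently weakening the context."""
    ctx.load_verify_locations(cafile=pem_path)
    return ctx
```

Because the context stays reachable, a test suite can add its own certificate with `trust_self_signed(ctx, path)` and never needs to set `verify_mode` to `ssl.CERT_NONE`.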

