[Python-Dev] PEP 476: Enabling certificate validation by default!
Antoine Pitrou
solipsis at pitrou.net
Sat Aug 30 00:22:54 CEST 2014
On Fri, 29 Aug 2014 18:08:19 -0400
Donald Stufft <donald at stufft.io> wrote:
> >
> > Are you sure that's possible ? Python doesn't load the
> > openssl.cnf file and the SSL_CERT_FILE, SSL_CERT_DIR env
> > vars only work for the openssl command line binary, AFAIK.
>
> I’m not 100% sure on that. I know they are not limited to the command
> line binary as ruby uses those environment variables in the way I
> described above.
SSL_CERT_DIR and SSL_CERT_FILE are used, if set, when
SSLContext.load_verify_locations() is called.
Actually, come to think of it, this allows us to write a better
test for that method. Patch welcome!
Regards
Antoine.
More information about the Python-Dev
mailing list