[Python-Dev] PEP 476: Enabling certificate validation by default!
Alex Gaynor
alex.gaynor at gmail.com
Sat Aug 30 04:44:12 CEST 2014
Thanks for the rapid feedback everyone!

I want to summarize the action items and discussion points that have come up so
far:

To add to the PEP:

* Emit a warning in 3.4.next for cases that would raise an Exception in 3.5
* Clearly state that the existing OpenSSL environment variables will be
respected for setting the trust root

Discussion points:

* Disabling verification entirely externally to the program, through a CLI flag
or environment variable. I'm pretty down on this idea, the problem you hit is
that it's a pretty blunt instrument to swing, and it's almost impossible to
imagine it not hitting things it shouldn't; it's far too likely to be used in
applications that make two sets of outbound connections: 1) to some internal
service which you want to disable verification on, and 2) some external
service which needs strong validation. A global flag causes the latter to
fail silently when subjected to a MITM attack, and that's exactly what we're
trying to avoid. It also makes things much harder for library authors: I
write an API client for some API, and make TLS connections to it. I want
those to be verified by default. I can't even rely on the httplib defaults,
because someone might disable them from the outside.
Cheers,
Alex
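
Added example, not part of the original message or of the PEP: one way to scope relaxed verification to a single internal service with a per-connection `ssl.SSLContext`, while every other connection keeps the verifying default, which is the two-connection case the message describes. The host name `metrics.internal.example` and the helper names are hypothetical.

```python
import ssl
import urllib.parse
import urllib.request

# Hypothetical internal host; constructed for this example.
INTERNAL_HOSTS = {"metrics.internal.example"}


def external_context():
    """Default context: CERT_REQUIRED with host name checking."""
    return ssl.create_default_context()


def internal_context(cafile=None):
    """Context handed only to connections for INTERNAL_HOSTS.

    With cafile, the private CA is trusted and verification stays on.
    Without it, verification is off for these connections alone.
    """
    if cafile is not None:
        return ssl.create_default_context(cafile=cafile)
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # must be cleared before CERT_NONE is set
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_for(url, internal_cafile=None):
    """Pick the context by exact host match; anything else is verified."""
    host = (urllib.parse.urlsplit(url).hostname or "").lower()
    if host in INTERNAL_HOSTS:
        return internal_context(internal_cafile)
    return external_context()


def fetch(url, internal_cafile=None, timeout=10):
    """Open url with the context chosen for its host (makes a network call)."""
    ctx = context_for(url, internal_cafile)
    with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
        return resp.read()


def trust_root_env_vars():
    """Names of the OpenSSL variables that override the default trust root."""
    paths = ssl.get_default_verify_paths()
    return paths.openssl_cafile_env, paths.openssl_capath_env
```

Passing `internal_cafile` keeps verification on for the internal service as well, so the unverified branch is only needed when no private CA bundle is available.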