[Python-Dev] PEP 476: Enabling certificate validation by default!

Paul Moore p.f.moore at gmail.com
Sun Aug 31 22:30:28 CEST 2014


On 31 August 2014 21:15, Antoine Pitrou <antoine at python.org> wrote:
> What do you call your local cert store?

I was referring to Christian's comment
> It's very simple to trust a self-signed certificate: just download it and stuff it into the trust store.

From his recent response, I guess he meant the system store, and he
agrees that this is a bad option.

OK, that's fair, but:

a) Is there really no OS-level personal trust store? I'm thinking of
Windows here for my own personal use, but the same question applies
elsewhere.
b) I doubt my confusion over Christian's response is atypical. Based
on what he said, if we hadn't had the subsequent discussion, I would
probably have found a way to add a cert to "the store" without
understanding the implications. While it's not Python's job to educate
users, it would be a shame if its default behaviour led people to make
ill-informed decisions.

Maybe an SSL HOWTO would be a useful addition to the docs, if anyone
feels motivated to write one.

Regardless, thanks for the education!

Paul

