[Python-Dev] Enable Hostname and Certificate Chain Validation

Christian Heimes christian at python.org
Wed Jan 22 15:45:34 CET 2014


On 22.01.2014 15:36, Donald Stufft wrote:
> Last time I tried the reasoning was that Python couldn’t ship root certs
> and we couldn’t get to the OS certs everywhere. Thanks to you this
> is fixed now, so “once more unto the breach”.

The Windows situation is still not perfect, though. I'd love to use
Chrome's approach and directly hook Windows' crypt32 API into OpenSSL's
verify function. That would trigger automatic retrieval of unknown root
certs and CRL checks.


