[Python-Dev] Enable Hostname and Certificate Chain Validation

[Cory Benfield]

Donald Stufft <donald <at> stufft.io> writes:

> 
> I would like to propose that a backwards incompatible change be
> made to Python to make verification of hostname and certificate
> chain the default instead of requiring it to be opt in.

I'm overwhelmingly, dramatically +1 on this. There's no good
architectural reason to not use the built-in certificate chains by
default. I'd like to be in favour of backporting this change to earlier
Python versions as well, but it feels too aggressive, even to me.