[Python-Dev] Whats New in 3.4 is pretty much done...
Antoine Pitrou
solipsis at pitrou.net
Thu Mar 13 19:46:12 CET 2014
On Thu, 13 Mar 2014 14:57:41 +0100
Victor Stinner <victor.stinner at gmail.com> wrote:
> 2014-03-13 11:49 GMT+01:00 Christian Heimes <christian at python.org>:
> > * All stdlib modules now support server cert verification including
> > hostname matching and CRL.
> >
> > * http://bugs.python.org/issue16499 isolated mode is a security
> > improvement, too.
>
> Ok, I added these two items.
>
> Antoine wrote:
> > CRL? really? I don't remember us doing automatic CRL downloads.
>
> It's just the "support", nothing is automatic. I understood that you
> *can* load CRL and ask for CRL validation, but it must be done
> explicitly. There is a function to retrieve system CRLs on Windows.
Then you should perhaps make your phrasing more explicit, because
people may wrongly assume that CRL checking will be done automatically
(IMHO).
(especially since hostname checking, AFAIK, *is* automatic now)
Regards
Antoine.
More information about the Python-Dev
mailing list