[Python-Dev] PEP 476: Enabling certificate validation by default!

[Christian Heimes]

On 03.09.2014 19:29, Ethan Furman wrote:
> Excellent.  Last question (I hope): it is possible to (easily) create an
> SSLContext that will verify against a self-signed certificate?

Yes:

   context = ssl.create_default_context(cafile="/path/to/selfsigned.pem")

That works iff the certificate is valid, not expired and its CN or SAN
matches the hostname of the service. When the hostname doesn't match
then you have to set

   context.check_hostname = False

Christian