Python and SSL
"Martin v. Löwis"
martin at v.loewis.de
Mon Oct 1 12:37:41 EDT 2007
>> No, as Martin points out, Python trusts EVERY certificate, which of
>> course misses the whole point of certificates. Whatever is making
>> your program fail is something different.
>
> Paul, are you sure for 100%. It is hard to belive.
Not sure how many confirmations you want, but I can add another one.
Paul is 100% correct. Python's SSL module, as shipped in Python 2.5.x
and earlier, performs no verification of the server certificate
whatsoever; it will silently accept any server certificate as correct.
Regards,
Martin
More information about the Python-list
mailing list