Python OpenSSL library
Antoine Pitrou
solipsis at pitrou.net
Tue Jun 15 17:25:40 EDT 2010
On Tue, 15 Jun 2010 14:14:08 -0700
geremy condra <debatem1 at gmail.com> wrote:
> >
> > Ok, thank you.
> > I have tried to put some effort into the py3k ssl docs, so that security
> > issues get mentioned:
> > http://docs.python.org/dev/py3k/library/ssl.html#security-considerations
> > Any improvement or correction is welcome.
>
> Could similar notifications be added to urllib, etc? That's where
> people really get bitten badly by this.
I suppose so, although I'm not responsible for these modules.
> > Also, following issue1589 (certificate hostname checking), I think it
> > would be useful at least to provide the necessary helper functions in
> > order to check certificate conformity, even if they aren't called
> > implicitly. I would encourage interested people to provide a patch for
> > the py3k ssl module, and will gladly review it.
>
> I'm not sure what this fixes if it doesn't get used in the higher-level
> modules, but I can ask if anybody is interested.
Actually it could be used, at least optionally, by the higher-level
modules (I'm not sure it can always be enabled by default, although
security-wise it would certainly be preferrable).
Regards
Antoine.
More information about the Python-list
mailing list