[issue17128] OS X system openssl deprecated - installer should build local libssl
Ronald Oussoren
report at bugs.python.org
Mon Feb 4 22:46:09 CET 2013
Ronald Oussoren added the comment:
I'm not sure if it is worthwhile to switch right now. Apple does deprecate the use of OpenSSL, but there version does offer a feature that's not in the default tree: it verifies SSL certificates against the CA list in the system keychain.
This means that users that verify certificates (cert_reqs=CERT_REQUIRED in the ssl module) could see a regression when they don't specificy a custom CA list. Not having to maintain such a list manually is very convenient.
In the longer run I'd like to try if it is possible to implement the SSL module (and other extensions linking with openssl) using Apple's crypto APIs.
(Note that a clear disadvantage of the latter is that those APIs are "above" the unix layer and likely cause problems when you use fork(2) without exec(2)).
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue17128>
_______________________________________
More information about the Python-bugs-list
mailing list