[issue12226] use HTTPS by default for uploading packages to pypi

Christian Heimes report at bugs.python.org
Fri Nov 22 22:25:22 CET 2013


Christian Heimes added the comment:

How about:

- load ca cert from default verify locations
- try connect with CERT_REQUIRED
- print warning when cert validation fails and try again with CERT_NONE
- match hostname otherwise

At least this warns the user about the issue. Is there a way to distinguish between CA missing and other failures?

Antoine Pitrou <report at bugs.python.org> wrote:
>
>Antoine Pitrou added the comment:
>
>Well, passive attacks are the easiest to mount by a casual attacker, so
>I think this is important to get in.
>
>----------
>
>_______________________________________
>Python tracker <report at bugs.python.org>
><http://bugs.python.org/issue12226>
>_______________________________________

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue12226>
_______________________________________
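
The four steps proposed in the message above, and one way to tell a missing CA apart from other validation failures, as an added example that is not part of the original message or of the distutils code. It assumes Python 3.7 or later, where `ssl.SSLCertVerificationError` carries OpenSSL's `verify_code` (an API that postdates this 2013 message); the function names and reason strings are hypothetical.

```python
import socket
import ssl
import warnings

# OpenSSL X509_V_ERR_* codes meaning "no trusted issuer found locally".
CA_MISSING = {2, 19, 20, 21}
HOSTNAME_MISMATCH = 62        # X509_V_ERR_HOSTNAME_MISMATCH
VALIDITY = {9, 10}            # certificate not yet valid / has expired

def classify_verify_failure(exc):
    """Map a certificate verification error to a coarse reason string."""
    code = getattr(exc, "verify_code", None)
    if code in CA_MISSING:
        return "ca-missing"
    if code == HOSTNAME_MISMATCH:
        return "hostname-mismatch"
    if code in VALIDITY:
        return "validity-period"
    return "other"

def connect_with_fallback(host, port=443, timeout=10):
    """Return (tls_socket, verified) following the four steps in the message."""
    strict = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname match
    strict.load_default_certs()                        # default verify locations
    try:
        raw = socket.create_connection((host, port), timeout)
        return strict.wrap_socket(raw, server_hostname=host), True
    except ssl.SSLCertVerificationError as exc:
        reason = classify_verify_failure(exc)
        warnings.warn("certificate validation for %s failed (%s: %s); "
                      "retrying WITHOUT verification"
                      % (host, reason, exc.verify_message))
    loose = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    loose.check_hostname = False       # must be cleared before CERT_NONE
    loose.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((host, port), timeout)
    return loose.wrap_socket(raw, server_hostname=host), False
```

The second return value tells the caller whether the connection was verified, so an uploader can decide whether to send credentials over it.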

