[issue19292] Make SSLContext.set_default_verify_paths() work on Windows
Christian Heimes
report at bugs.python.org
Sat Oct 19 18:09:50 CEST 2013
Christian Heimes added the comment:
Am 19.10.2013 18:02, schrieb Guido van Rossum:
> @Christian: What is holding up those patches? I don't believe we should be
> in the business of distributing certificates -- we should however make it
> easy to use the system certificates.
The usual issues: lack of time and too much to do.
>
> @Antoine: I still claim that a flag that defaults to no security is a
> vulnerability -- nobody reads warnings in docs until *after* they've been
> bitten. It should be an explicit choice in the script or app to disable
> certificate checking. If you can't access a server because its certificate
> is expired, how is that different than any other misconfiguration that
> makes a server inaccessible until its administrator fixes it?
It would be nice to add a feature to the SSL module that behaves like
browsers: white list a cert's SPKI (subject private key info) for a FQDN
+ Port.
Christian
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue19292>
_______________________________________
More information about the Python-bugs-list
mailing list