[Python-Dev] PEP476: Enabling certificate validation by default
Alex Gaynor
alex.gaynor at gmail.com
Sat Sep 20 17:54:56 CEST 2014
Done and done.
Alex
On Fri, Sep 19, 2014 at 4:13 PM, Guido van Rossum <guido at python.org> wrote:
> +1 on Nick's suggestion. (Might also mention that this is the reason why
> both functions should exist and have compatible signatures.)
>
> Also please, please, please add explicit mention of Python 2.7, 3.4 and
> 3.5 in the Abstract (for example in the 3rd paragraph of the abstract).
>
> On Fri, Sep 19, 2014 at 3:52 PM, Nick Coghlan <ncoghlan at gmail.com> wrote:
>
>> On 20 September 2014 08:34, Alex Gaynor <alex.gaynor at gmail.com> wrote:
>> > Pushed a new version which I believe adresses all of these. I added an
>> > example of opting-out with urllib.urlopen, let me know if there's any
>> other
>> > APIs you think I should show an example with.
>>
>> It would be worth explicitly stating the process global monkeypatching
>> hack:
>>
>> import ssl
>> ssl._create_default_https_context = ssl._create_unverified_context
>>
>> Adding that hack to sitecustomize allows corporate sysadmins that can
>> update their standard operating environment more easily than they can
>> fix invalid certificate infrastructure to work around the problem on
>> behalf of their users. It also helps out users that will be able to
>> deal with such broken infrastructure without updating each and every
>> one of their scripts.
>>
>> It's deliberately ugly because it's a genuinely bad idea that folks
>> should want to avoid using, but as a matter of practical reality,
>> corporate IT departments are chronically understaffed, and often fully
>> committed to fighting the crisis du jour, without sufficient time
>> being available for regular infrastructure maintenance tasks.
>>
>> Regards,
>> Nick.
>>
>> --
>> Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
>>
>
>
>
> --
> --Guido van Rossum (python.org/~guido)
>
--
"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: 125F 5C67 DFE9 4084
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20140920/1db1d7c0/attachment.html>
More information about the Python-Dev
mailing list