[Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)
Benjamin Peterson
benjamin at python.org
Mon Jun 3 07:58:12 CEST 2013
More information about the Python-Dev mailing list
Mon Jun 3 07:58:12 CEST 2013
- Previous message: [Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)
- Next message: [Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
2013/6/2 Donald Stufft <donald at stufft.io>: > As of right now, as far as I can tell, Python does not validate HTTPS > certificates by default. As far as I can tell this is because there is no > guaranteed certificates available. > > So I would like to propose that CPython adopt the Mozilla SSL certificate > list and include it in core, and switch over the API's so that they verify > HTTPS by default. +1 > > Ideally this would take the shape of attempting to locate the system > certificate store if possible, and if that doesn't work falling back to the > bundled certificates. That way the various Linux distros can easily have > their copies of Python depend soley on their built in certs, but Windows, > OSX, Source compiles etc will all still have a fallback value. My preference would be actually be for the included certificates file to be used by default. This would provide a consistent experience across platforms. We could provide options to look for system cert repositories if desired. -- Regards, Benjamin
- Previous message: [Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)
- Next message: [Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list