[Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)
Ethan Furman
ethan at stoneleaf.us
Mon Jun 3 20:56:45 CEST 2013
More information about the Python-Dev mailing list
Mon Jun 3 20:56:45 CEST 2013
- Previous message: [Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)
- Next message: [Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 06/03/2013 11:34 AM, Antoine Pitrou wrote: > On Mon, 3 Jun 2013 14:12:34 -0400 > Donald Stufft wrote: >> >> I worry with the current situation people will just use TLS connections without realizing it's not being verified and thinking they are "safe". > > Yet there's quite a visible warning in the docs: > http://docs.python.org/dev/library/urllib.request.html As has been been mentioned elsewhere, at the very least we should change cadefault to True for secure-type connections. The dangerous/unexpected behavior should not be the default. -- ~Ethan~
- Previous message: [Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)
- Next message: [Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list