[Python-Dev] Validating SSL By Default (aka Including a Cert Bundle in CPython)
Donald Stufft
donald at stufft.io
Mon Jun 3 22:22:41 CEST 2013
On Jun 3, 2013, at 4:19 PM, Christian Heimes <christian at python.org> wrote:

> On 03.06.2013 21:52, Antoine Pitrou wrote:
>> cadefault=True will probably fail if the system certs are not
>> properly configured in OpenSSL, e.g. under Windows or with a hand-made
>> OpenSSL build.
>> And, because of the way the OpenSSL API works, there's no way of
>> knowing if it is the case or not:
>> http://docs.python.org/3.4/library/ssl.html#ssl.SSLContext.set_default_verify_paths
>
> I only see an issue for uncommon Linux distributions and exotic Unices.
>
> For Windows an interface to crypt32 API solves the CA issue as shown in
> my wincertstore module. It gives the user the same SSL experience as
> Internet Explorer.
>
> Most Linux and BSD-ish operating systems have SSL certs at some standard
> location.
> https://bitbucket.org/pypa/setuptools/src/6de3186fdfd9f5b543380e9aca2d48976cfc38cd/setuptools/ssl_support.py?at=default#cl-15
> lists a couple of standard locations.
>
> Under which conditions do we need to ship a CA cert file?
>
> Christian

What about OSX?

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
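The point quoted above, that `set_default_verify_paths()` gives no indication of whether any CA certificates were actually found, can be checked from Python before a verifying context is trusted. This is an added example, not code from the thread or from CPython; the helper names are hypothetical. It assumes PEM bundles and a c_rehash-style directory, and it counts PEM markers and hash-named files without parsing certificates.

```python
import os
import re
import ssl

# OpenSSL finds certificates in a capath directory by subject-hash file
# names such as "5ad8a5d6.0" (the layout c_rehash produces).
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")
PEM_MARKER = b"-----BEGIN CERTIFICATE-----"


def count_bundle_certs(cafile):
    """PEM certificate blocks in cafile; 0 if unset or unreadable."""
    if not cafile:
        return 0
    try:
        with open(cafile, "rb") as fh:
            return fh.read().count(PEM_MARKER)
    except OSError:
        return 0


def count_hashed_entries(capath):
    """Subject-hash entries in capath; 0 if unset or unreadable."""
    if not capath:
        return 0
    try:
        return sum(1 for n in os.listdir(capath) if HASHED_NAME.match(n))
    except OSError:
        return 0


def trust_store_report(cafile, capath):
    """Describe what OpenSSL would find at the given verify locations."""
    in_file = count_bundle_certs(cafile)
    in_dir = count_hashed_entries(capath)
    return {"cafile_certs": in_file, "capath_entries": in_dir,
            "usable": in_file > 0 or in_dir > 0}


def make_verifying_context():
    """Build a verifying client context, failing loudly on an empty store."""
    paths = ssl.get_default_verify_paths()
    # cafile/capath honour SSL_CERT_FILE / SSL_CERT_DIR and are None
    # when the resolved location does not exist.
    report = trust_store_report(paths.cafile, paths.capath)
    if not report["usable"]:
        raise RuntimeError("no CA certificates at OpenSSL default paths")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_default_verify_paths()  # returns None even if nothing loads
    return ctx
```

The directory is inspected on disk because `SSLContext.cert_store_stats()` does not count capath certificates until they have been used in a handshake.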