[Python-Dev] PEP 476: Enabling certificate validation by default!
Christian Heimes
christian at python.org
Sat Aug 30 19:21:41 CEST 2014
More information about the Python-Dev mailing list
Sat Aug 30 19:21:41 CEST 2014
- Previous message: [Python-Dev] PEP 476: Enabling certificate validation by default!
- Next message: [Python-Dev] PEP 476: Enabling certificate validation by default!
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 30.08.2014 17:22, Alex Gaynor wrote: > The Windows certificate store is used by ``load_default_certs``: > > * https://github.com/python/cpython/blob/master/Lib/ssl.py#L379-L381 > * https://docs.python.org/3.4/library/ssl.html#ssl.enum_certificates The Windows part of load_default_certs() has one major flaw: it can only load certificates that are already in Windows's cert store. However Windows comes only with a small set of default certs and downloads more certs on demand. In order to trigger a download Python or OpenSSL would have to use the Windows API to verify root certificates. Christian
- Previous message: [Python-Dev] PEP 476: Enabling certificate validation by default!
- Next message: [Python-Dev] PEP 476: Enabling certificate validation by default!
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list