[Python-Dev] PEP 476: Enabling certificate validation by default!
Paul Moore
p.f.moore at gmail.com
Sun Aug 31 20:28:58 CEST 2014
More information about the Python-Dev mailing list
Sun Aug 31 20:28:58 CEST 2014
- Previous message: [Python-Dev] PEP 476: Enabling certificate validation by default!
- Next message: [Python-Dev] PEP 476: Enabling certificate validation by default!
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 31 August 2014 18:29, Antoine Pitrou <antoine at python.org> wrote: > If an application has special needs that require trusting a self-signed > certificate, then it should expose a configuration setting to let users > specify the cert's location. I can't see how that would be something the application would know. For example, pip allows me to specify an "alternate cert bundle" but not a single additional cert. So IIUC, I can't use my local index that serves https using a self-signed cert. I'd find it hard to argue that it's pip's responsibility to think of that use case - pretty much any program that interacts with a web service *might* need to interact with a self-signed dummy version, if only under test conditions. Or did you mean that Python should provide such a setting that would cover all applications written in Python? Paul
- Previous message: [Python-Dev] PEP 476: Enabling certificate validation by default!
- Next message: [Python-Dev] PEP 476: Enabling certificate validation by default!
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list