Home Original page

[Python-Dev] Enable Hostname and Certificate Chain Validation

Donald Stufft donald at stufft.io
Wed Jan 22 14:55:02 CET 2014 
On Jan 22, 2014, at 8:29 AM, Christian Heimes <christian at python.org> wrote:

> On 22.01.2014 12:45, Nick Coghlan wrote:
>> We also have to account for the fact that an awful lot of Python
>> applications are corporate ones relying on perimeter defence for
>> security, or private CAs, or just self-signed certificates that their
>> users have already accepted. There are limits to the amount of
>> backwards incompatible change users will tolerate, and at this point
>> in time we're still trying to get people to accept proper Unicode
>> support.
> 
> Side note:
> Users can simple add self-signed certs to OpenSSL's cert store and get
> validation for free. It's possible to do that with an environment
> variable, too. But I recommend against the environment variable because
> you may overwrite to operating store.
> 
> Christian
> 
> 
> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe: https://mail.python.org/mailman/options/python-dev/donald%40stufft.io

As an additional side note, anecdotal evidence and what not, but
*every* time I bring this up somewhere I get at least one reply that
looks similar to https://twitter.com/ojiidotch/status/425986619879866368

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/python-dev/attachments/20140122/2ce5b511/attachment.sig>
More information about the Python-Dev mailing list