[Python-Dev] Enable Hostname and Certificate Chain Validation
Christian Heimes
christian at python.org
Wed Jan 22 15:07:19 CET 2014
More information about the Python-Dev mailing list
Wed Jan 22 15:07:19 CET 2014
- Previous message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Next message: [Python-Dev] Wrong keyword parameter name in regex pattern methods
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 22.01.2014 14:24, Nick Coghlan wrote: > On 22 January 2014 23:19, Antoine Pitrou <solipsis at pitrou.net> wrote: >> On Wed, 22 Jan 2014 05:30:40 -0500 >> Donald Stufft <donald at stufft.io> wrote: >>> I would like to propose that a backwards incompatible change be >>> made to Python to make verification of hostname and certificate >>> chain the default instead of requiring it to be opt in. >>> >>> Python 3.4 has made great strides in making it easier for applications >>> to simply turn on these settings, however many people are not aware >>> at all that they need to opt into this. Most assume that it will operate >>> similarly to their browser, curl, wget, etc >> >> Python is not a Web client. Are you talking specifically about urllib? > > And all the other client modules that can make secure network > connections (but don't validate that the certificate matches the > hostname by default). With Python 3.4 all stdlib modules can verify the hostname and in fact do with ssl.create_default_context(). Several modules like ftplib didn't support SNI and hostname verification.
- Previous message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Next message: [Python-Dev] Wrong keyword parameter name in regex pattern methods
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list