Thomas Leonard <tal...@gmail.com> added the comment:

Just to add a couple of data points to argue in favour of a secure-by-default 
behaviour:

0install.net:

http://secunia.com/advisories/47935 (spoofing attack due to certificate names 
not being validated)

Mozilla is recommending people avoid using Python's built-in SSL:

https://github.com/mozilla/browserid/wiki/Security-Considerations-when-Implementing-BrowserID

I find it hard to believe that anyone would be able to write an SSL client in 
Python currently without introducing some vulnerability. There are too many 
traps to fall into. Here are the three I know about:

1. Not specifying any trusted CAs means trust everyone (where for most software 
it would mean either trust no-one or trust only well-known CAs).

2. Specifying a single trusted CA means also trust all known CAs (on MacOS X 
at least).

3. Unless you manually enable hostname checking, the attacker only needs a 
valid SSL certificate for their own site, not for the site they're spoofing.

----------
nosy: +Thomas.Leonard

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue1589>
_______________________________________
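As an added example (not Thomas Leonard's code and not part of this tracker issue), the following shows how a client can avoid the three traps listed above with the modern `ssl` module, and includes a small audit helper that flags a context which still has them. It assumes Python 3.7+ APIs (`ssl.PROTOCOL_TLS_CLIENT`, `ssl.TLSVersion`, `SSLContext.cert_store_stats()`); the finding tags returned by `audit_client_context` are names made up for this example.

```python
import socket
import ssl

# Example code, not from the tracker thread. Finding tags are this example's
# own names, not anything defined by the ssl module.


def hardened_client_context(cafile=None):
    """Build a client SSLContext that fails closed on each of the three traps.

    PROTOCOL_TLS_CLIENT already defaults to CERT_REQUIRED and check_hostname=True;
    both are set again explicitly so the intent survives a copy-paste into older
    code that was written against ssl.PROTOCOL_TLS / ssl.wrap_socket().
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.verify_mode = ssl.CERT_REQUIRED          # trap 1: never "trust everyone"
    ctx.check_hostname = True                    # trap 3: bind the cert to the peer name
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cafile is not None:
        # trap 2: trust only the CA we were given; do NOT also call
        # load_default_certs(), which would add the OS trust store on top.
        ctx.load_verify_locations(cafile=cafile)
    else:
        ctx.load_default_certs(ssl.Purpose.SERVER_AUTH)
    return ctx


def legacy_trusting_context():
    """The trap configuration: equivalent to the old ssl.wrap_socket() call with
    no ca_certs, which verified no chain and checked no hostname."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # must be cleared before verify_mode may be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_client_context(ctx):
    """Return a list of finding tags for a client context; empty means clean.

    Tags (this example's own naming):
      trust-everyone    - verify_mode is CERT_NONE, any cert is accepted (trap 1)
      no-ca-loaded      - CERT_REQUIRED but no CA loaded: every handshake fails
                          (fails closed, but usually a configuration mistake)
      no-hostname-check - a cert valid for *some* host is accepted (trap 3)
      weak-min-version  - TLS below 1.2 is still negotiable
    """
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("trust-everyone")
    elif ctx.cert_store_stats()["x509_ca"] == 0:
        findings.append("no-ca-loaded")
    if not ctx.check_hostname:
        findings.append("no-hostname-check")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("weak-min-version")
    return findings


def open_verified_connection(host, port, ctx=None, timeout=10):
    """Connect and return a verified TLS socket.

    Raises ssl.SSLCertVerificationError when the chain does not lead to a
    trusted CA or the certificate does not match `host`; the raw socket is
    closed on any failure so nothing leaks.
    """
    ctx = ctx or hardened_client_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        # server_hostname drives both SNI and the hostname check
        return ctx.wrap_socket(raw, server_hostname=host)
    except BaseException:
        raw.close()
        raise


if __name__ == "__main__":
    for name, ctx in (("legacy", legacy_trusting_context()),
                      ("hardened", hardened_client_context())):
        print(name, audit_client_context(ctx) or ["clean"])
```

Run the module directly to see the legacy context flagged with `trust-everyone` and `no-hostname-check`; `audit_client_context` can also be dropped into a code base to check contexts built elsewhere before they are used for a connection. Note that `no-ca-loaded` on the hardened context only means the machine has no usable default CA bundle, in which case every connection is refused rather than silently accepted.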