Christian Heimes added the comment: Am 19.10.2013 18:02, schrieb Guido van Rossum: > @Christian: What is holding up those patches? I don't believe we should be > in the business of distributing certificates -- we should however make it > easy to use the system certificates.
The usual issues: lack of time and too much to do. > > @Antoine: I still claim that a flag that defaults to no security is a > vulnerability -- nobody reads warnings in docs until *after* they've been > bitten. It should be an explicit choice in the script or app to disable > certificate checking. If you can't access a server because its certificate > is expired, how is that different than any other misconfiguration that > makes a server inaccessible until its administrator fixes it? It would be nice to add a feature to the SSL module that behaves like browsers: white list a cert's SPKI (subject private key info) for a FQDN + Port. Christian ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue19292> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
