Guido van Rossum added the comment:

No, please let's not get in the business of shipping certs. Please not. There should be only *one* place per system where sysadmins have to update certs. It would not scale if every language implementation were to have its own set of certs.
Trusting only certs already on the system sounds fine. Reading certs from memory sounds like a good start no matter whether we manage to get the rest working, so please prioritize that. The next step should be fixing set_default_verify_paths() for Windows (at least for somewhat recent versions). On OS X it becomes a priority once the default build no longer uses the system openssl.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue19292>
_______________________________________