Ned Deily added the comment:

Crys, as Ronald noted above: "Now that I look at that code again: we can't extract that code and use it to patch upstream OpenSSL, the TrustEvaluationAgent framework is a private framework and hence off limits."

It doesn't seem like a good idea to be trying to base security on a private, undocumented framework and one that can change from OS X release to OS X release: our binary installers for OS X are designed to support multiple OS X versions. I think the certsync approach is safer and more robust. The other approach would be to directly use Apple's crypto APIs rather than OpenSSL but that would be a lot of work and a lot of testing and would also be more coupled to specific OS X releases.

----------
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue17128>