david <db.pub.m...@gmail.com> added the comment: On 21 November 2010 20:50, Martin v. Löwis <rep...@bugs.python.org> wrote: > > Martin v. Löwis <mar...@v.loewis.de> added the comment: > >> So for python3 is it possible to make attempting to use capath(some >> common ones OR the openssl location capath if this is ok for use) the >> default(with failure to find a valid capath result in an exception >> being raised) ? > > The default? That would be an incompatible change, and cause many > complaints. So I'm very skeptical that this can be done. > > Having applications/scripts explicitly opt-in to a default CA > certificate list would be an option (then making those applications > break in installations where the default CA list is empty).
"Errors should never pass silently." IMHO it is an error not to check by default. No it wouldn't break anything that shouldn't break. Users can then pass in None for the capath (as an example). ---------- title: some stdlib modules need to be updated to handle SSL certificate validation -> some stdlib modules need to be updated to handle SSL certificate validation _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue10441> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com