On 08/29/2014 01:00 PM, M.-A. Lemburg wrote:
On 29.08.2014 21:47, Alex Gaynor wrote:
I've just submitted PEP 476, on enabling certificate validation by default for
HTTPS clients in Python. Please have a look and let me know what you think.
Thanks for the PEP. I think this is generally a good idea,
but some important parts are missing from the PEP:
* transition plan:
I think starting with warnings in Python 3.5 and going
for exceptions in 3.6 would make a good transition
Going straight for exceptions in 3.5 is not in line with
our normal procedures for backwards incompatible changes.
* configuration:
It would be good to be able to switch this on or off
without having to change the code, e.g. via a command
line switch and environment variable; perhaps even
controlling whether or not to raise an exception or
warning.
* choice of trusted certificate:
Instead of hard wiring using the system CA roots into
Python it would be good to just make this default and
permit the user to point Python to a different set of
CA roots.
This would enable using self signed certs more easily.
Since these are often used for tests, demos and education,
I think it's important to allow having more control of
the trusted certs.
+1 for PEP with above changes.
--
~Ethan~
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
