On Sun, 31 Aug 2014 09:26:30 +1000 Nick Coghlan <ncogh...@gmail.com> wrote: > >> > >> * configuration: > >> > >> It would be good to be able to switch this on or off > >> without having to change the code, e.g. via a command > >> line switch and environment variable; perhaps even > >> controlling whether or not to raise an exception or > >> warning. > >> > >> * choice of trusted certificate: > >> > >> Instead of hard wiring using the system CA roots into > >> Python it would be good to just make this default and > >> permit the user to point Python to a different set of > >> CA roots. > >> > >> This would enable using self signed certs more easily. > >> Since these are often used for tests, demos and education, > >> I think it's important to allow having more control of > >> the trusted certs. > > > > > > +1 for PEP with above changes. > > Ditto from me. > > In relation to changing the Python CLI API to offer some of the wget/curl > style command line options, I like the idea of providing recipes in the > docs for implementing them at the application layer, but postponing making > the *default* behaviour configurable that way.
I'm against any additional environment variables and command-line options. It will only complicate and obscure the security parameters of certificate validation. The existing knobs have already been mentioned in this thread, I won't mention them here again. Regards Antoine. _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com