OK, that changes my position for 2.7 (but not for 3.5). I had assumed there was a way to disable the cert check by changing one parameter to the urlopen() call. (And I had wanted to add that there should be a clear FAQ about the subject.) If this isn't possible that changes the situation. (But I still think that once we do have that simple change option we should do it, in a later 2.7 upgrade.)
I apologize for speaking before I had read all facts, and I'll await what you and Nick come up with. --Guido On Wed, Sep 3, 2014 at 12:26 PM, Christian Heimes <christ...@python.org> wrote: > On 03.09.2014 19:54, Guido van Rossum wrote: > > Let's take the plunge on this issue for the next 2.7 release (3.5 being > > a done deal). Yes, some people will find that they have an old script > > accessing an old service which breaks. Surely some of the other changes > > in the same 2.7 bugfix release will also break some other scripts. > > People deal with it. Probably 90% of the time it's an annoyance (but no > > worse than any other minor-release upgrade -- you should test upgrades > > before committing to them, and if all else fails, roll it back). But at > > least some of the time it will be a wake-up call and an expired > > certificate will be replaced, resulting in more security for all. > > I'm +1 for Python 3.5 but -1 for Python 2.7. > > The SSLContext backport will landed in Python 2.7.9 (to be released). No > Python 2 user is familiar with the feature yet. But more importantly: > None of the stdlib modules support the new feature, too. httplib, > imaplib ... they all don't take a SSLContext object as an argument. > PEP-466 does not include the backport for the network modules. Without > the context argument there is simply no clean way to configure the SSL > handshake properly. > > The default settings must stay until we decide to backport the context > argument and have a way to configure the default behavior. Nick and me > are planing a PEP. > > Christian > -- --Guido van Rossum (python.org/~guido)
_______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
