On 30.04.2015 02:33, Nick Coghlan wrote: > Hi folks, > > This is just a note to highlight the fact that I tweaked the "Opting > out" section in PEP 476 based on various discussions I've had over the > past few months: https://hg.python.org/peps/rev/dfd96ee9d6a8 > > The notable changes: > > * the example monkeypatching code handles AttributeError when looking > up "ssl._create_unverified_context", in order to accommodate older > versions of Python that don't have PEP 476 implemented > * new paragraph making it clearer that while the intended use case for > the monkeypatching trick is as a workaround to handle environments > where you *know* HTTPS certificate verification won't work properly > (including explicit references to sitecustomize.py and Standard > Operating Environments for Python), there's also a secondary use case > in allowing applications to provide a system administrator controlled > setting to globally disable certificate verification (hence the change > to the example code) > * new paragraph making it explicit that even though we've improved > Python's default behaviour, particularly security sensitive > applications should still provide their own context rather than > relying on the defaults
Can we please make the monkeypatch a regular part of Python's site.py which can enabled via an environment variable, say export PYTHONHTTPSVERIFY=0. See http://bugs.python.org/issue23857 for the discussion. Esp. for Python 2.7.9 the default verification from PEP 476 is causing problems for admins who want to upgrade their Python installation without breaking applications using Python. They need an easy and official non-hackish way to opt-out from the PEP 476 default on a per application basis. Thanks, -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Apr 30 2015) >>> Python Projects, Coaching and Consulting ... http://www.egenix.com/ >>> mxODBC Plone/Zope Database Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ ::::: Try our mxODBC.Connect Python Database Interface for free ! :::::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com