On Tue, 15 Jun 2010 14:14:08 -0700 geremy condra <debat...@gmail.com> wrote:
> >
> > Ok, thank you.
> > I have tried to put some effort into the py3k ssl docs, so that security
> > issues get mentioned:
> > http://docs.python.org/dev/py3k/library/ssl.html#security-considerations
> > Any improvement or correction is welcome.
>
> Could similar notifications be added to urllib, etc? That's where
> people really get bitten badly by this.

I suppose so, although I'm not responsible for these modules.

> > Also, following issue1589 (certificate hostname checking), I think it
> > would be useful at least to provide the necessary helper functions in
> > order to check certificate conformity, even if they aren't called
> > implicitly. I would encourage interested people to provide a patch for
> > the py3k ssl module, and will gladly review it.
>
> I'm not sure what this fixes if it doesn't get used in the higher-level
> modules, but I can ask if anybody is interested.

Actually it could be used, at least optionally, by the higher-level
modules (I'm not sure it can always be enabled by default, although
security-wise it would certainly be preferable).

Regards

Antoine.
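
An added example, not part of the original message and not the ssl module's own code: a sketch of the kind of hostname-checking helper discussed above, working on the dict format returned by `SSLSocket.getpeercert()`. The names `check_cert_hostname` and `CertificateMismatch` are hypothetical, the sample certificate is constructed, and only DNS names are handled (no IP addresses or internationalized names).

```python
class CertificateMismatch(ValueError):
    """Raised when a peer certificate does not cover the requested host."""

def _label_match(pattern, hostname):
    """Match one DNS name pattern; '*' may only be the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # A wildcard covers exactly one label and needs at least two
        # literal labels after it, so "*.com" is rejected.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    # Partial wildcards such as "w*.example.org" are refused outright.
    return "*" not in pattern and p_labels == h_labels

def check_cert_hostname(cert, hostname):
    """Return True if cert is valid for hostname, else raise."""
    if not cert:
        # getpeercert() returns an empty dict when the certificate
        # was not validated (e.g. cert_reqs=CERT_NONE).
        raise CertificateMismatch("no validated peer certificate")
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not dns_names:
        # Fall back to commonName only when no DNS subjectAltName exists.
        for rdn in cert.get("subject", ()):
            dns_names += [v for k, v in rdn if k == "commonName"]
    if any(_label_match(name, hostname) for name in dns_names):
        return True
    raise CertificateMismatch("%r not in %r" % (hostname, dns_names))

# Constructed sample in getpeercert() format (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "other.example"),),),
    "subjectAltName": (("DNS", "www.example.org"),
                       ("DNS", "*.api.example.org")),
}

if __name__ == "__main__":
    for host in ("www.example.org", "v1.api.example.org", "other.example"):
        try:
            print(host, check_cert_hostname(SAMPLE_CERT, host))
        except CertificateMismatch as exc:
            print(host, "REJECTED:", exc)
```

A caller would run this right after the TLS handshake, with certificate validation enabled, and close the connection on `CertificateMismatch`.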