Antoine Pitrou added the comment:
> I think it is kind of OK to require explicit specification of the
> ca_certs as long as it is made clear in all the relevant places that
> it _has_ to be done. I think it would be a good idea to deprecate the
> default value for ca_certs and issue a warning if
Mads Kiilerich added the comment:
The response I got to this issue hinted that it was a lame issue I filed. I
haven't had time/focus to investigate further and give constructive feedback.
I think it is kind of OK to require explicit specification of the ca_certs as
long as it is made clear in
Antoine Pitrou added the comment:
> I'd rather recommend a different approach, where the set of CAs
> doesn't need to be specified for every module that directly or
> indirectly uses SSL. Instead, there should be support for a
> thread-local setting of the allowable CAs, and then no API changes
Martin v. Löwis added the comment:
I'd rather recommend a different approach, where the set of CAs doesn't need to
be specified for every module that directly or indirectly uses SSL. Instead,
there should be support for a thread-local setting of the allowable CAs, and
then no API changes are
Antoine Pitrou added the comment:
There are open issues for specific modules: #8808 for imaplib, #8809 for
smtplib.
In 3.2, poplib already has support for SSL contexts, as do ftplib, http.client
and nntplib. If I'm missing a module please tell me.
--
resolution: -> duplicate
status:
New submission from Mads Kiilerich :
As discussed on issue1589 it is now possible to create decent ssl connections
with the ssl module - assuming ca_certs is specified and it is checked that the
certificates matches.
The standard library do however neither do that nor make it possible to do it
