[issue17123] Add OCSP support to ssl module

2019-10-16 Thread Daniel Kahn Gillmor
Daniel Kahn Gillmor added the comment: On Thu 2019-10-10 01:38:42 +, Benjamin Peterson wrote: > Considering OSCP has fallen out of favor relative to CT in recent > years, may be should simply reject this feature request. CT provides the possibility of a website operator to *detect* CA mal

[issue17123] Add OCSP support to ssl module

2019-10-15 Thread Shane Harvey
Change by Shane Harvey : -- nosy: +ShaneHarvey ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.p

[issue17123] Add OCSP support to ssl module

2019-10-15 Thread Bernie Hackett
Bernie Hackett added the comment: OCSP is the only way Let's Encrypt supports revocation. It would be really useful to have stapling verification supported in the standard library, even just the callback support PyOpenSSL supports. https://letsencrypt.org/docs/revoking/ -- nosy: +be

[issue17123] Add OCSP support to ssl module

2019-10-09 Thread Benjamin Peterson
Benjamin Peterson added the comment: Considering OSCP has fallen out of favor relative to CT in recent years, may be should simply reject this feature request. -- ___ Python tracker

[issue17123] Add OCSP support to ssl module

2019-10-09 Thread Daniel Kahn Gillmor
Daniel Kahn Gillmor added the comment: It would be great to see at least minimal OCSP stapling support (in the form of callbacks on the client and server sides) availabl in the ssl module, similar to the way that pyopenssl has added such callbacks: https://github.com/pyca/pyopenssl/pull/

[issue17123] Add OCSP support to ssl module

2018-02-25 Thread Christian Heimes
Change by Christian Heimes : -- versions: +Python 3.8 -Python 3.7 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscrib

[issue17123] Add OCSP support to ssl module

2016-09-15 Thread Christian Heimes
Changes by Christian Heimes : -- assignee: -> christian.heimes components: +SSL ___ Python tracker ___ ___ Python-bugs-list mailing l

[issue17123] Add OCSP support to ssl module

2016-09-08 Thread Christian Heimes
Christian Heimes added the comment: I'll add OCSP stapling verification to 3.7. -- versions: +Python 3.7 -Python 3.5 ___ Python tracker ___ __

[issue17123] Add OCSP support to ssl module

2015-04-17 Thread Arfrever Frehtes Taifersar Arahesis
Changes by Arfrever Frehtes Taifersar Arahesis : -- nosy: +Arfrever ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscri

[issue17123] Add OCSP support to ssl module

2013-12-21 Thread Antoine Pitrou
Changes by Antoine Pitrou : -- type: security -> enhancement ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: ht

[issue17123] Add OCSP support to ssl module

2013-10-21 Thread Larry Hastings
Changes by Larry Hastings : -- nosy: -larry ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.pytho

[issue17123] Add OCSP support to ssl module

2013-10-21 Thread Christian Heimes
Christian Heimes added the comment: I won't have time for a proper implementation for 3.4. Defer to 3.5 -- versions: +Python 3.5 -Python 2.6, Python 2.7, Python 3.4 ___ Python tracker __

[issue17123] Add OCSP support to ssl module

2013-04-28 Thread Georg Brandl
Changes by Georg Brandl : -- versions: -Python 3.2, Python 3.3 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue17123] Add OCSP support to ssl module

2013-04-19 Thread Phil Connell
Changes by Phil Connell : -- nosy: +pconnell ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python

[issue17123] Add OCSP support to ssl module

2013-02-04 Thread Antoine Pitrou
Antoine Pitrou added the comment: Christian, I really don't agree this should be a release blocker, and especially not for bugfix branches. -- priority: release blocker -> normal ___ Python tracker ___

[issue17123] Add OCSP support to ssl module

2013-02-04 Thread Jesús Cea Avión
Changes by Jesús Cea Avión : -- nosy: +jcea ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.

[issue17123] Add OCSP support to ssl module

2013-02-04 Thread Christian Heimes
Christian Heimes added the comment: OCSP can prevent MITM attacks when the private server cert or CA cert got compromised or stolen somehow. -- ___ Python tracker ___ __

[issue17123] Add OCSP support to ssl module

2013-02-04 Thread Christian Heimes
Changes by Christian Heimes : -- nosy: +barry, benjamin.peterson, georg.brandl, larry priority: high -> release blocker ___ Python tracker ___ ___

[issue17123] Add OCSP support to ssl module

2013-02-04 Thread Antoine Pitrou
Antoine Pitrou added the comment: Can you explain how OCSP helps prevent MITM attacks? - Mail original - > De: "Christian Heimes" > À: pit...@free.fr > Envoyé: Lundi 4 Février 2013 17:14:32 > Objet: [issue17123] Add OCSP support to ssl module > > >

[issue17123] Add OCSP support to ssl module

2013-02-04 Thread Christian Heimes
New submission from Christian Heimes: Python's ssl module doesn't support OCSP [1]. The example code at [2] doesn't look too complicated. We should consider OCSP at least for 3.4 and may want to backport it to older versions to prevent MITM attacks on PyPI downloads. [1]http://en.wikipedia.or