[issue20913] Standard Library documentation needs SSL security best practices doc.

2014-03-23 Thread R. David Murray
Changes by R. David Murray:
resolution: -> fixed
stage: needs patch -> committed/rejected
status: open -> closed

[issue20913] Standard Library documentation needs SSL security best practices doc.

2014-03-23 Thread Roundup Robot
Roundup Robot added the comment:

New changeset c38ce7726737 by Antoine Pitrou in branch '3.4':
Issue #20913: make it clear that create_default_context() also enables hostname checking
http://hg.python.org/cpython/rev/c38ce7726737

New changeset 015c4d785be7 by Antoine Pitrou in branch 'default':

[issue20913] Standard Library documentation needs SSL security best practices doc.

2014-03-23 Thread R. David Murray
R. David Murray added the comment: It's really too bad cert validation fails on that ftp site. It would be nice to show best practices in that example. We really need that python test server Benjamin was talking about.

[issue20913] Standard Library documentation needs SSL security best practices doc.

2014-03-23 Thread R. David Murray
R. David Murray added the comment: Ah, I see. Obviously I didn't read it as carefully as I thought I had ;(.

[issue20913] Standard Library documentation needs SSL security best practices doc.

2014-03-23 Thread R. David Murray
R. David Murray added the comment: I made some review comments. There is one bug with your patch (you dropped some argument descriptions in one place.)

resolution: fixed ->
stage: committed/rejected -> needs patch
status: closed -> open

[issue20913] Standard Library documentation needs SSL security best practices doc.

2014-03-22 Thread Antoine Pitrou
Antoine Pitrou added the comment: I've committed the latest patch. I hope things are better now!

resolution: -> fixed
stage: needs patch -> committed/rejected
status: open -> closed

[issue20913] Standard Library documentation needs SSL security best practices doc.

2014-03-22 Thread Roundup Robot
Roundup Robot added the comment:

New changeset 8661ffca4581 by Antoine Pitrou in branch '3.4':
Issue #20913: improve the SSL security considerations to first advocate using create_default_context().
http://hg.python.org/cpython/rev/8661ffca4581

New changeset e703fc5262b7 by Antoine Pitrou in br

[issue20913] Standard Library documentation needs SSL security best practices doc.

2014-03-21 Thread Antoine Pitrou
Antoine Pitrou added the comment: Updated patch with Martin's suggested changes, and various other nits.

Added file: http://bugs.python.org/file34557/ssl_best2.patch

[issue20913] Standard Library documentation needs SSL security best practices doc.

2014-03-21 Thread Antoine Pitrou
Changes by Antoine Pitrou:
nosy: +dstufft

[issue20913] Standard Library documentation needs SSL security best practices doc.

2014-03-14 Thread Martin v . Löwis
Martin v. Löwis added the comment: I'd add a sentence to this paragraph

"""If a client certificate is needed for the connection, it can be added with

context.load_cert_chain(path_to_certificate, path_to_private_key)
"""

Then, in all places where a context and cert/key parameters are allowed (e

[issue20913] Standard Library documentation needs SSL security best practices doc.

2014-03-14 Thread Arfrever Frehtes Taifersar Arahesis
Changes by Arfrever Frehtes Taifersar Arahesis:
nosy: +Arfrever

[issue20913] Standard Library documentation needs SSL security best practices doc.

2014-03-14 Thread Antoine Pitrou
Antoine Pitrou added the comment: Here is a patch adding the requested information to the ssl docs. It doesn't touch the pages for higher-level modules, I'll let someone else decide how to do that.

keywords: +patch
Added file: http://bugs.python.org/file34415/ssl_best_doc.patch

[issue20913] Standard Library documentation needs SSL security best practices doc.

2014-03-14 Thread Christian Heimes
Christian Heimes added the comment: http://docs.python.org/3.4/library/ssl.html#ssl-security doesn't mention http://docs.python.org/3.4/library/ssl.html#ssl.create_default_context and http://docs.python.org/3.4/library/ssl.html#ssl.SSLContext.check_hostname . I planned to write a paragraph abou

[issue20913] Standard Library documentation needs SSL security best practices doc.

2014-03-14 Thread Antoine Pitrou
Antoine Pitrou added the comment: It is true that, while the ssl docs have (I think) an appropriate discussion of "security considerations", higher-level APIs (i.e. applicative protocols) don't provide any recommendations. I don't know where we should put them. The recommendations will be simi

[issue20913] Standard Library documentation needs SSL security best practices doc.

2014-03-13 Thread R. David Murray
R. David Murray added the comment: To expand on that point a little: in the past, I could happily use the SMTP_SSL class (say) without thinking about certificates or server hostname verification, or pretty much of anything. This produced no verification, of course, which is the problem we are

[issue20913] Standard Library documentation needs SSL security best practices doc.

2014-03-13 Thread R. David Murray
R. David Murray added the comment: Someone else told me it was, I'm afraid I didn't actually check myself :(. That said, it is still not clear to me from reading that whether or not I need to "do something" when using, say, the SMTP_SSL class. And it is the latter kind of question that I'm as

[issue20913] Standard Library documentation needs SSL security best practices doc.

2014-03-13 Thread Martin v . Löwis
Martin v. Löwis added the comment: I'm not so sure about the objection. The text currently says CERT_NONE is the default. Since it does not authenticate the other peer, it can be insecure, especially in client mode where most of time you would like to ensure the authenticity of the server you’

[issue20913] Standard Library documentation needs SSL security best practices doc.

2014-03-13 Thread Raymond Hettinger
Raymond Hettinger added the comment: +1 I think this is sorely needed.

nosy: +rhettinger

[issue20913] Standard Library documentation needs SSL security best practices doc.

2014-03-13 Thread Ezio Melotti
Changes by Ezio Melotti:
nosy: +ezio.melotti

[issue20913] Standard Library documentation needs SSL security best practices doc.

2014-03-13 Thread R. David Murray
Changes by R. David Murray:
assignee: christian.heimes ->
components: +Documentation
stage: -> needs patch
type: -> enhancement
versions: +Python 3.4, Python 3.5

[issue20913] Standard Library documentation needs SSL security best practices doc.

2014-03-13 Thread R. David Murray
New submission from R. David Murray: It's great that Christian did all the work he did on the SSL module to enhance its security capabilities, and great that Antoine did the work he did before that. Now we need an explanation of how best to use it all :) It is not clear from the existing doc