Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-30 Thread M.-A. Lemburg
On 30.08.2014 15:32, R. David Murray wrote: On Sat, 30 Aug 2014 14:03:57 +0200, M.-A. Lemburg m...@egenix.com wrote: On 30.08.2014 12:55, Antoine Pitrou wrote: On Sat, 30 Aug 2014 12:46:47 +0200 M.-A. Lemburg m...@egenix.com wrote: That use case should be served with the SSL_CERT_DIR and

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-30 Thread Steve Dower
Murray mailto:rdmur...@bitdance.com Sent: 8/30/2014 6:33 To: python-dev@python.org Subject: Re: [Python-Dev] PEP 476: Enabling certificate validation by default! On Sat, 30 Aug 2014 14:03:57 +0200, M.-A. Lemburg m...@egenix.com wrote: On 30.08.2014 12:55, Antoine Pitrou wrote

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-30 Thread Alex Gaynor
The Windows certificate store is used by ``load_default_certs``: * https://github.com/python/cpython/blob/master/Lib/ssl.py#L379-L381 * https://docs.python.org/3.4/library/ssl.html#ssl.enum_certificates Cheers, Alex ___ Python-Dev mailing list

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-30 Thread Paul Moore
On 30 August 2014 16:22, Alex Gaynor alex.gay...@gmail.com wrote: The Windows certificate store is used by ``load_default_certs`` Cool, in which case this sounds like a good plan. I have no particular opinion on whether there should be a global Python-level don't check certificates option, but I

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-30 Thread Marko Rauhamaa
Paul Moore p.f.mo...@gmail.com: Cool, in which case this sounds like a good plan. I have no particular opinion on whether there should be a global Python-level don't check certificates option, but I would suggest that the docs include a section explaining how a user can implement a

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-30 Thread Barry Warsaw
On Aug 30, 2014, at 12:19 PM, M.-A. Lemburg wrote: The reasoning here is the same as for hash randomization. There are cases where you want to test your application using self-signed certificates which don't validate against the system CA root list. In those cases, you do know what you're doing.

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-30 Thread Christian Heimes
On 30.08.2014 17:22, Alex Gaynor wrote: The Windows certificate store is used by ``load_default_certs``: * https://github.com/python/cpython/blob/master/Lib/ssl.py#L379-L381 * https://docs.python.org/3.4/library/ssl.html#ssl.enum_certificates The Windows part of load_default_certs() has one

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-30 Thread martin
Zitat von Christian Heimes christ...@python.org: On 30.08.2014 17:22, Alex Gaynor wrote: The Windows certificate store is used by ``load_default_certs``: * https://github.com/python/cpython/blob/master/Lib/ssl.py#L379-L381 * https://docs.python.org/3.4/library/ssl.html#ssl.enum_certificates

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-30 Thread Nick Coghlan
On 30 Aug 2014 06:08, Ethan Furman et...@stoneleaf.us wrote: On 08/29/2014 01:00 PM, M.-A. Lemburg wrote: On 29.08.2014 21:47, Alex Gaynor wrote: I've just submitted PEP 476, on enabling certificate validation by default for HTTPS clients in Python. Please have a look and let me know what

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-30 Thread Antoine Pitrou
On Sun, 31 Aug 2014 09:26:30 +1000 Nick Coghlan ncogh...@gmail.com wrote: * configuration: It would be good to be able to switch this on or off without having to change the code, e.g. via a command line switch and environment variable; perhaps even controlling

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-30 Thread R. David Murray
On Sun, 31 Aug 2014 03:25:25 +0200, Antoine Pitrou solip...@pitrou.net wrote: On Sun, 31 Aug 2014 09:26:30 +1000 Nick Coghlan ncogh...@gmail.com wrote: * configuration: It would be good to be able to switch this on or off without having to change the code, e.g. via a

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-30 Thread Stephen J. Turnbull
mar...@v.loewis.de writes: BTW, it's patented: http://www.google.de/patents/US6816900 Damn them. I hope they never get a look at my crontab.

[Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-29 Thread Alex Gaynor
Hi all, I've just submitted PEP 476, on enabling certificate validation by default for HTTPS clients in Python. Please have a look and let me know what you think. PEP text follows. Alex --- PEP: 476 Title: Enabling certificate verification by default for stdlib http clients Version:

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-29 Thread M.-A. Lemburg
On 29.08.2014 21:47, Alex Gaynor wrote: Hi all, I've just submitted PEP 476, on enabling certificate validation by default for HTTPS clients in Python. Please have a look and let me know what you think. PEP text follows. Thanks for the PEP. I think this is generally a good idea, but some

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-29 Thread David Reid
Alex Gaynor alex.gaynor at gmail.com writes: Hi all, I've just submitted PEP 476, on enabling certificate validation by default for HTTPS clients in Python. Please have a look and let me know what you think. Yes please. The two most common answers I get to Why did you switch to go? are

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-29 Thread Ethan Furman
On 08/29/2014 01:00 PM, M.-A. Lemburg wrote: On 29.08.2014 21:47, Alex Gaynor wrote: I've just submitted PEP 476, on enabling certificate validation by default for HTTPS clients in Python. Please have a look and let me know what you think. Thanks for the PEP. I think this is generally a good

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-29 Thread Donald Stufft
On Aug 29, 2014, at 4:00 PM, M.-A. Lemburg m...@egenix.com wrote: * choice of trusted certificate: Instead of hard wiring using the system CA roots into Python it would be good to just make this default and permit the user to point Python to a different set of CA roots.

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-29 Thread Donald Stufft
Sorry I was on my phone and didn’t get to fully reply to this. On Aug 29, 2014, at 4:00 PM, M.-A. Lemburg m...@egenix.com wrote: On 29.08.2014 21:47, Alex Gaynor wrote: Hi all, I've just submitted PEP 476, on enabling certificate validation by default for HTTPS clients in Python.

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-29 Thread R. David Murray
On Fri, 29 Aug 2014 17:11:35 -0400, Donald Stufft don...@stufft.io wrote: Sorry I was on my phone and didn’t get to fully reply to this. On Aug 29, 2014, at 4:00 PM, M.-A. Lemburg m...@egenix.com wrote: * configuration: It would be good to be able to switch this on or off

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-29 Thread Antoine Pitrou
On Fri, 29 Aug 2014 17:11:35 -0400 Donald Stufft don...@stufft.io wrote: Another problem with this is that I don’t think it’s actually possible to do. Python itself isn’t validating the TLS certificates, OpenSSL is doing that. To my knowledge OpenSSL doesn’t have a way to say “please

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-29 Thread M.-A. Lemburg
On 29.08.2014 23:11, Donald Stufft wrote: Sorry I was on my phone and didn’t get to fully reply to this. On Aug 29, 2014, at 4:00 PM, M.-A. Lemburg m...@egenix.com wrote: On 29.08.2014 21:47, Alex Gaynor wrote: Hi all, I've just submitted PEP 476, on enabling certificate validation by

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-29 Thread Antoine Pitrou
On Fri, 29 Aug 2014 17:42:34 -0400 R. David Murray rdmur...@bitdance.com wrote: Especially if you want an accelerated change, there must be a way to *easily* get back to the previous behavior, or we are going to catch a lot of flack. There may be only 7% of public certs that are problematic,

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-29 Thread Donald Stufft
On Aug 29, 2014, at 5:42 PM, R. David Murray rdmur...@bitdance.com wrote: On Fri, 29 Aug 2014 17:11:35 -0400, Donald Stufft don...@stufft.io wrote: Sorry I was on my phone and didn’t get to fully reply to this. On Aug 29, 2014, at 4:00 PM, M.-A. Lemburg m...@egenix.com wrote: *

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-29 Thread Donald Stufft
On Aug 29, 2014, at 5:58 PM, M.-A. Lemburg m...@egenix.com wrote: On 29.08.2014 23:11, Donald Stufft wrote: Sorry I was on my phone and didn’t get to fully reply to this. On Aug 29, 2014, at 4:00 PM, M.-A. Lemburg m...@egenix.com wrote: On 29.08.2014 21:47, Alex Gaynor wrote: Hi

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-29 Thread Antoine Pitrou
On Fri, 29 Aug 2014 18:08:19 -0400 Donald Stufft don...@stufft.io wrote: Are you sure that's possible ? Python doesn't load the openssl.cnf file and the SSL_CERT_FILE, SSL_CERT_DIR env vars only work for the openssl command line binary, AFAIK. I’m not 100% sure on that. I know they are

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-29 Thread R. David Murray
On Fri, 29 Aug 2014 18:00:50 -0400, Donald Stufft don...@stufft.io wrote: On Aug 29, 2014, at 5:42 PM, R. David Murray rdmur...@bitdance.com wrote: Especially if you want an accelerated change, there must be a way to *easily* get back to the previous behavior, or we are going to catch a

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-08-29 Thread Alex Gaynor
Thanks for the rapid feedback everyone! I want to summarize the action items and discussion points that have come up so far: To add to the PEP: * Emit a warning in 3.4.next for cases that would raise an Exception in 3.5 * Clearly state that the existing OpenSSL environment variables will be
