On Sun, 2 Jun 2013 22:57:15 -0700
Chris Rebert <c...@rebertia.com> wrote:
> On Jun 2, 2013 10:22 PM, "Donald Stufft" <don...@stufft.io> wrote:
> >
> > As of right now, as far as I can tell, Python does not validate HTTPS 
> > certificates by default. As far as I can tell this is because there are no 
> > guaranteed certificates available.
> 
> Relevant: http://bugs.python.org/issue13647
> 
> > So I would like to propose that CPython adopt the Mozilla SSL certificate 
> > list and include it in core, and switch over the APIs so that they verify 
> > HTTPS by default. This is what most people are going to expect when using a 
> > https url (Especially after learning that Python 2.x doesn't verify TLS, 
> > but Python 3.x "does").
> >
> > Ideally this would take the shape of attempting to locate the system 
> > certificate store if possible, and if that doesn't work falling back to the 
> > bundled certificates. That way the various Linux distros can easily have 
> > their copies of Python depend solely on their built in certs, but Windows, 
> > OSX, Source compiles etc will all still have a fallback value.
> 
> There's an existing request for this:
> http://bugs.python.org/issue13655

See also http://bugs.python.org/issue17134

Regards

Antoine.


_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
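
The lookup order proposed in the thread (system certificate store first, bundled certificates as fallback, verification always on) can be sketched with the standard `ssl` module. This is an added example, not code from the thread or from CPython; the function names, the `paths` parameter and the `bundled_cafile` argument are assumptions made for illustration, and it only inspects OpenSSL's default file and directory locations, not the Windows or macOS native stores.

```python
import os
import ssl


def usable_system_paths(paths=None):
    """Return (cafile, capath) from OpenSSL's defaults; unusable entries become None."""
    if paths is None:
        paths = ssl.get_default_verify_paths()
    cafile, capath = paths.cafile, paths.capath
    # An empty or missing CA file provides no trust anchors.
    if not (cafile and os.path.isfile(cafile) and os.path.getsize(cafile) > 0):
        cafile = None
    # An empty or missing CA directory provides none either.
    if not (capath and os.path.isdir(capath) and os.listdir(capath)):
        capath = None
    return cafile, capath


def make_verifying_context(bundled_cafile=None, paths=None):
    """Build a client context that always verifies; return (context, trust_source)."""
    # PROTOCOL_TLS_CLIENT sets verify_mode=CERT_REQUIRED and check_hostname=True.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    cafile, capath = usable_system_paths(paths)
    if cafile or capath:
        ctx.load_verify_locations(cafile=cafile, capath=capath)
        return ctx, "system"
    if bundled_cafile:
        # Hypothetical bundled PEM file, e.g. a shipped copy of the Mozilla list.
        ctx.load_verify_locations(cafile=bundled_cafile)
        return ctx, "bundled"
    # Fail closed: never hand back a context that skips verification.
    raise RuntimeError("no trust anchors found; refusing to disable verification")
```

The returned trust source ("system" or "bundled") is worth logging, since a host that silently falls back to a stale bundle will keep trusting CAs the operating system has already removed.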