Hi, On Mon, 12 Aug 2013 19:18:17 +0200 Christian Heimes <christ...@python.org> wrote: > related issue: Mozilla's certdata.txt and CKT_NSS_MUST_VERIFY_TRUST > - ------------------------------------------------------------------- > > Recently I found bugs in curl's mk-ca-bundle.pl script, its cacert.pem > and in the CA bundle of eGenix.com pyOpenSSL Distribution. Both failed > to handle a new option in Mozilla's certdata.txt database correctly. > As a consequence the root CA bundles contained additionally and > untrustworthy root certificates. I'm not sure about the severity of > the issue.
Which goes to show that not bundling our own set of CA certificates is the safest route. Regards Antoine. _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
