Ethan Furman <ethan <at> stoneleaf.us> writes: > > I apologize if I missed this point, but if we have the source code then it is > possible to go in and directly modify the application/utility to be able to > talk over https to a router with an invalid certificate? This is an option > when creating the ssl_context? > > -- > ~Ethan~ >
Yes, it's totally possible to create (and pass to ``http.client``) an ``SSLContext`` which doesn't verify various things. My proposal is only about changing what happens when you don't explicitly pass a context. Cheers, Alex _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
