Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from http://mail.python.org/pipermail/python-dev/2014-September/136123.html below:

Enabling certificate validation by default!

• Previous message: [Python-Dev] PEP 476: Enabling certificate validation by default!
• Next message: [Python-Dev] PEP 476: Enabling certificate validation by default!
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 01.09.2014 08:44, Nick Coghlan wrote:
> Yes, it would have exactly the same security failure modes as 
> sitecustomize, except it would only fire if the application
> imported the ssl module.
> 
> The "-S" and "-I" switches would need to disable the implied 
> "sslcustomize", just as they disable "import site".

A malicious package can already play havoc with your installation with
a custom ssl module. If somebody is able to sneak in a ssl.py then you
are screwed anyway. sslcustomize is not going to make the situation worse.

Christian

• Previous message: [Python-Dev] PEP 476: Enabling certificate validation by default!
• Next message: [Python-Dev] PEP 476: Enabling certificate validation by default!
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4