On 22.01.2014 14:24, Nick Coghlan wrote: > On 22 January 2014 23:19, Antoine Pitrou <solipsis at pitrou.net> wrote: >> On Wed, 22 Jan 2014 05:30:40 -0500 >> Donald Stufft <donald at stufft.io> wrote: >>> I would like to propose that a backwards incompatible change be >>> made to Python to make verification of hostname and certificate >>> chain the default instead of requiring it to be opt in. >>> >>> Python 3.4 has made great strides in making it easier for applications >>> to simply turn on these settings, however many people are not aware >>> at all that they need to opt into this. Most assume that it will operate >>> similarly to their browser, curl, wget, etc >> >> Python is not a Web client. Are you talking specifically about urllib? > > And all the other client modules that can make secure network > connections (but don't validate that the certificate matches the > hostname by default). With Python 3.4 all stdlib modules can verify the hostname and in fact do with ssl.create_default_context(). Several modules like ftplib didn't support SNI and hostname verification.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4