On Wed, 03 Sep 2014 16:31:13 +0200, Antoine Pitrou <solipsis at pitrou.net> wrote: > On Tue, 02 Sep 2014 21:29:16 -0400 > "R. David Murray" <rdmurray at bitdance.com> wrote: > > > > The top proposal so far is an sslcustomize.py file that could be used to > > either decrease or increase the default security. This is a much less > > handy solution than application options (eg, curl, wget) that allow > > disabling security for "this cert" or "this CLI session". It also is > > more prone to unthinking abuse since it is persistent. So perhaps > > it is indeed not worth it. (That's why I suggested an environment > > variable...something you could specify on the command line for a one-off.) > > I'll be fine with not adding any hooks at all, and letting people > configure their application code correctly :-) Again, the problem arises when it is not *their* application code, but a third party tool that hasn't been ported to 3.5. I'm OK with letting go of this invalid-cert issue myself, given the lack of negative feedback Twisted got. I'll just keep my fingers crossed. --David
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4