Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://mail.python.org/pipermail/python-dev/2015-November/142314.html below:

[Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)

• Previous message (by thread): [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)
• Next message (by thread): [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On 27 Nov 2015, at 06:04, Nick Coghlan <ncoghlan at gmail.com> wrote:
> 
> Feature: Configuration API
> ==========================
> 
> This change is proposed for inclusion in CPython 2.7.12 and later CPython 2.7.x
> releases. It consists of a new ``ssl._verify_https_certificates()`` to specify
> the default handling of HTTPS certificates in standard library client libraries.
> 
> It is not proposed to forward port this change to Python 3, so Python 3
> applications that need to support skipping certificate verification will still
> need to define their own suitable security context.
> 
> Feature detection
> -----------------
> 
> The marker attribute on the ``ssl`` module related to this feature is the
> ``ssl._verify_https_certificates`` function itself.
> 
> Specification
> -------------
> 
> The ``ssl._verify_https_certificates`` function will work as follows::
> 
>    def _verify_https_certificates(enable=True):
>        """Verify server HTTPS certificates by default?"""
>        global _create_default_https_context
>        if enable:
>            _create_default_https_context = create_default_context
>        else:
>            _create_default_https_context = _create_unverified_context
> 
> If called without arguments, or with ``enable`` set to a true value, then
> standard library client modules will subsequently verify HTTPS
> certificates by default, otherwise they will skip verification.

Perhaps I missed this, Nick, but what happens if multiple third party libraries apply updates to call this function in incompatible ways? For example, if you depend on libfoo which calls ssl._verify_https_certificates(False) and libbar which calls ssl._verify_https_certificates(True)? Is it…last import wins?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/python-dev/attachments/20151127/2b7da067/attachment.sig>

• Previous message (by thread): [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)
• Next message (by thread): [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4