On 14 August 2016 at 09:14, Benjamin Peterson <benjamin at python.org> wrote:
> Correctness of TLS certificate verification is known to depend deeply on
> distribution. Python began to verify certificates by default only in
> version 2.7.9. Many OS distributions (in particular, Ubuntu) did not
> enable verification for their stable distributions for backwards
> compatibility reasons. You might find looking at distro bugs for
> CVE-2014-9365 edifying.

For RHEL (and hence CentOS),
https://access.redhat.com/articles/2039753 summarises the current
status.

Since the system Python in RHEL 7.x is nominally Python 2.7.5, the
default behaviour reflects that. However, both PEP 466 and PEP 476
have been backported (as of RHEL 7.2 and the corresponding CentOS
release), so requests picks up the new capabilities implicitly, while
the standard library can be configured for default verification by
writing:

    [https]
    verify=enable

to /etc/python/cert-verification.cfg

Since folks are now able to force verification *off* via that same
configuration file mechanism, we've also reserved the right to
eventually change the default Python standard library behaviour on a
fresh RHEL 7 installation to be to verify certificates.

Cheers,
Nick.

--
Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
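
An audit helper for the configuration file described in the message above, added here as an example (Python 3; not code from the message or from Red Hat). The values `disable` and `platform_default` come from PEP 493's description of this backport rather than from the message, and treating an unrecognised value as the platform default is an assumption.

```python
import configparser

# Path and option name as given in the message above.
CONFIG_PATH = "/etc/python/cert-verification.cfg"

# Assumption: a RHEL 7 host with no explicit setting does not verify,
# matching the Python 2.7.5 behaviour the message describes.
PLATFORM_DEFAULT_VERIFIES = False


def effective_https_verify(config_text):
    """Return (verifies, reason); config_text is None when the file is absent."""
    if config_text is None:
        return PLATFORM_DEFAULT_VERIFIES, "no config file, platform default"
    parser = configparser.ConfigParser()
    try:
        parser.read_string(config_text)
        value = parser.get("https", "verify").strip().lower()
    except configparser.Error as exc:
        # Missing section/option or a malformed file: nothing was enabled.
        reason = "no usable setting (%s)" % type(exc).__name__
        return PLATFORM_DEFAULT_VERIFIES, reason
    if value == "enable":
        return True, "verify=enable"
    if value == "disable":
        return False, "verify=disable (verification forced off)"
    # 'platform_default', or an unrecognised value (assumed to fall back).
    return PLATFORM_DEFAULT_VERIFIES, "verify=%s, platform default" % value


def audit_host(path=CONFIG_PATH):
    """Read the real file, if present, and report the effective setting."""
    try:
        with open(path) as handle:
            return effective_https_verify(handle.read())
    except OSError:
        return effective_https_verify(None)


# Constructed sample inputs, not taken from a real host.
SAMPLES = {
    "enabled": "[https]\nverify=enable\n",
    "forced off": "[https]\nverify = disable\n",
    "empty file": "",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, effective_https_verify(text))
    print("this host", audit_host())
```

A host that reports anything other than `verify=enable` leaves standard library HTTPS clients unverified under these assumptions, even though requests verifies on the same machine.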