Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

From: R. David Murray <rdmu...@bitdance.com>

Fri, 29 Aug 2014 18:57:35 -0400

On Fri, 29 Aug 2014 18:00:50 -0400, Donald Stufft <don...@stufft.io> wrote:
> > On Aug 29, 2014, at 5:42 PM, R. David Murray <rdmu...@bitdance.com> wrote:> > Especially if you want an accelerated change, there must be a way to> > *easily* get back to the previous behavior, or we are going to catch a> > lot of flack.  There may be only 7% of public certs that are problematic,> > but I'd be willing to bet you that there are more not-really-public ones> > that are critical to day to day operations *somewhere* :)> > > > wget and curl have 'ignore validation' as a command line flag for a reason.> > > > Right, that’s why I’m on the fence :)> > On one hand, it’s going to break things for some people, (arguably they are> already broken, just silently so, but we’ll leave that argument aside) and a> way to get back the old behavior is good. There are already ways within> the Python code itself, so that’s covered. From outside of the Python code> there are ways if the certificate is untrusted but otherwise valid which are> pretty easy to do. The major “gap” is when you have an actual invalid> certificate due to expiration or hostname or some other such thing.> > On the other hand Python is not wget/curl and the people who are most> likely to be the target for a “I can’t change the code but I need to get the> old behavior back” are people who are likely to not be invoking Python> itself but using something written in Python which happens to be using> Python. IOW they might be executing “foobar” not “python -m foobar”.

Right, so an environment variable is better than a command line switch,
for Python.

> Like I said though, I’m personally fine either way so don’t take this as> being against that particular change!

Ack.

--David

_______________________________________________
Python-Dev mailing list
Pyth...@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: https://mail.python.org/mailman/options/python-dev/python-dev-ml%40activestate.com

Recent Messages in this Thread
[Python-Dev] PEP 476: Enabling certificate validation by default!	Alex Gaynor	Aug 29, 2014 07:47 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	David Reid	Aug 29, 2014 07:56 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	M.-A. Lemburg	Aug 29, 2014 08:00 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Ethan Furman	Aug 29, 2014 08:07 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Nick Coghlan	Aug 30, 2014 11:26 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Antoine Pitrou	Aug 31, 2014 01:25 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	R. David Murray	Aug 31, 2014 02:21 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Nick Coghlan	Aug 31, 2014 06:09 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Donald Stufft	Aug 31, 2014 06:16 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Nick Coghlan	Aug 31, 2014 06:45 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Cory Benfield	Aug 31, 2014 10:42 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	R. David Murray	Aug 31, 2014 02:16 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Christian Heimes	Aug 31, 2014 04:27 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Paul Moore	Aug 31, 2014 05:03 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Antoine Pitrou	Aug 31, 2014 05:29 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Paul Moore	Aug 31, 2014 06:28 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Antoine Pitrou	Aug 31, 2014 06:37 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Paul Moore	Aug 31, 2014 07:12 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Antoine Pitrou	Aug 31, 2014 08:15 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Paul Moore	Aug 31, 2014 08:30 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Nick Coghlan	Aug 31, 2014 09:41 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Antoine Pitrou	Aug 31, 2014 09:53 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Christian Heimes	Aug 31, 2014 09:59 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Christian Heimes	Aug 31, 2014 08:16 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Christian Heimes	Aug 31, 2014 09:43 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Nick Coghlan	Aug 31, 2014 10:10 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	R. David Murray	Sep 01, 2014 01:10 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Nick Coghlan	Sep 01, 2014 06:05 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Nick Coghlan	Sep 02, 2014 10:12 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Paul Moore	Sep 01, 2014 06:07 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Nick Coghlan	Sep 01, 2014 06:44 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Christian Heimes	Sep 01, 2014 07:13 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Nick Coghlan	Sep 01, 2014 08:09 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Antoine Pitrou	Sep 01, 2014 12:41 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Chris Angelico	Sep 01, 2014 01:24 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Antoine Pitrou	Sep 01, 2014 01:34 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Chris Angelico	Sep 01, 2014 01:42 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Antoine Pitrou	Sep 01, 2014 01:59 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Nick Coghlan	Sep 01, 2014 02:53 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Antoine Pitrou	Sep 01, 2014 02:57 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	M.-A. Lemburg	Sep 08, 2014 08:09 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Donald Stufft	Aug 31, 2014 10:15 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Nick Coghlan	Sep 01, 2014 12:06 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Nick Coghlan	Aug 31, 2014 06:24 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Christian Heimes	Aug 31, 2014 05:23 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Donald Stufft	Aug 29, 2014 08:10 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Donald Stufft	Aug 29, 2014 09:11 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	R. David Murray	Aug 29, 2014 09:42 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Antoine Pitrou	Aug 29, 2014 09:57 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Donald Stufft	Aug 29, 2014 10:00 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	R. David Murray	Aug 29, 2014 10:57 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Antoine Pitrou	Aug 29, 2014 09:55 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	M.-A. Lemburg	Aug 29, 2014 09:58 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Donald Stufft	Aug 29, 2014 10:08 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Antoine Pitrou	Aug 29, 2014 10:22 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Christian Heimes	Aug 31, 2014 11:18 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Alex Gaynor	Aug 30, 2014 02:44 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	M.-A. Lemburg	Aug 30, 2014 10:19 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Antoine Pitrou	Aug 30, 2014 10:40 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	M.-A. Lemburg	Aug 30, 2014 10:46 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Antoine Pitrou	Aug 30, 2014 10:55 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	M.-A. Lemburg	Aug 30, 2014 12:03 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	R. David Murray	Aug 30, 2014 01:32 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	M.-A. Lemburg	Aug 30, 2014 02:20 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Steve Dower	Aug 30, 2014 02:24 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Barry Warsaw	Aug 30, 2014 04:42 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Paul Moore	Aug 30, 2014 10:48 am
Re: [Python-Dev] =?utf-8?q?PEP_476=3A_Enabling_certificate_validation?= =?utf...	Alex Gaynor	Aug 30, 2014 03:22 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Paul Moore	Aug 30, 2014 03:36 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Marko Rauhamaa	Aug 30, 2014 04:17 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Christian Heimes	Aug 30, 2014 05:21 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	mar...@v.loewis.de	Aug 30, 2014 08:03 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Stephen J. Turnbull	Aug 31, 2014 05:53 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Glyph Lefkowitz	Sep 02, 2014 09:00 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Antoine Pitrou	Sep 02, 2014 09:32 pm
Re: [Python-Dev] =?utf-8?q?PEP_476=3A_Enabling_certificate_validation?= =?utf...	Alex Gaynor	Sep 02, 2014 10:16 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Antoine Pitrou	Sep 02, 2014 10:25 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Nick Coghlan	Sep 02, 2014 11:01 pm
Re: [Python-Dev] =?utf-8?q?PEP_476=3A_Enabling_certificate_validation?= =?utf...	David Reid	Sep 02, 2014 11:06 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Nick Coghlan	Sep 02, 2014 11:28 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Glyph Lefkowitz	Sep 02, 2014 11:47 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Donald Stufft	Sep 03, 2014 12:06 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Antoine Pitrou	Sep 03, 2014 12:19 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Stephen J. Turnbull	Sep 03, 2014 02:43 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Cory Benfield	Sep 03, 2014 08:26 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Nick Coghlan	Sep 03, 2014 10:34 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Antoine Pitrou	Sep 03, 2014 02:29 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Terry Reedy	Sep 03, 2014 12:59 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	R. David Murray	Sep 03, 2014 01:29 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Antoine Pitrou	Sep 03, 2014 02:31 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	R. David Murray	Sep 03, 2014 03:58 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Ethan Furman	Sep 03, 2014 05:09 pm
Re: [Python-Dev] =?utf-8?q?PEP_476=3A_Enabling_certificate_validation?= =?utf...	Alex Gaynor	Sep 03, 2014 05:15 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Ethan Furman	Sep 03, 2014 05:29 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Christian Heimes	Sep 03, 2014 07:07 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	R. David Murray	Sep 03, 2014 07:10 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Ethan Furman	Sep 03, 2014 07:42 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Guido van Rossum	Sep 03, 2014 05:54 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Antoine Pitrou	Sep 03, 2014 06:37 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	R. David Murray	Sep 03, 2014 07:06 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Guido van Rossum	Sep 03, 2014 07:11 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Nick Coghlan	Sep 03, 2014 11:19 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Antoine Pitrou	Sep 03, 2014 11:36 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Ethan Furman	Sep 04, 2014 12:00 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Ethan Furman	Sep 04, 2014 12:17 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Nick Coghlan	Sep 04, 2014 03:11 am
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Antoine Pitrou	Sep 04, 2014 12:39 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Nick Coghlan	Sep 04, 2014 01:31 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Donald Stufft	Sep 03, 2014 06:39 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Christian Heimes	Sep 03, 2014 07:26 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Guido van Rossum	Sep 03, 2014 07:37 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Christian Heimes	Sep 03, 2014 07:50 pm
Re: [Python-Dev] =?utf-8?q?PEP_476=3A_Enabling_certificate_validation?= =?utf...	Alex Gaynor	Sep 03, 2014 08:37 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Benjamin Peterson	Sep 03, 2014 11:10 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Nick Coghlan	Sep 03, 2014 11:29 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Victor Stinner	Sep 03, 2014 07:37 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Christian Heimes	Sep 03, 2014 07:44 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Stephen J. Turnbull	Sep 03, 2014 10:48 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Gregory P. Smith	Sep 08, 2014 09:35 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Glyph Lefkowitz	Sep 02, 2014 11:21 pm
Re: [Python-Dev] =?utf-8?q?PEP_476=3A_Enabling_certificate_validation?= =?utf...	R. David Murray	Sep 02, 2014 11:20 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Christian Heimes	Sep 02, 2014 10:41 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Nick Coghlan	Sep 01, 2014 09:31 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Christian Heimes	Sep 01, 2014 05:01 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Donald Stufft	Sep 01, 2014 05:08 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Nick Coghlan	Sep 01, 2014 03:35 pm
Re: [Python-Dev] PEP 476: Enabling certificate validation by default!	Donald Stufft	Sep 01, 2014 04:48 pm

◄ Messages in this thread ►

Previous post: Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

Next post: Re: [Python-Dev] surrogatepass - she's a witch, burn 'er! [was: Cleaning up ...]

Subscribe to the python-dev RSS feed

Accounts

List Archives

Feedback & Information

ActiveState

© 2019 ActiveState Software Inc. All rights reserved. ActiveState®, Komodo®, ActiveState Perl Dev Kit®, ActiveState Tcl Dev Kit®, ActivePerl®, ActivePython®, and ActiveTcl® are registered trademarks of ActiveState. All other marks are property of their respective owners.