New submission from naif <n...@globaleaks.org>:

For the certificate store:
Can we eventually agree to bind a default CA-store to a Mozilla-verified one?

Mozilla, in handling Firefox, does a great job of keeping the CA-store up to date. Integrating the default Mozilla CA-store with Python builds could be a nice way; it's just a matter of integrating into the build system the download/fetching of the default Mozilla store.

At least the language bases its default on a trusted entity to manage, cross-platform, the CA-store for TLS/SSL.

The maintenance of the CA-store would be delegated to Mozilla, which has been demonstrated to be independent and very security conscious, removing dirty CA-store (like Diginotar after the Iranian compromise).

That way 90% of cases of SSL/TLS certificate validation will be managed, and by default it would be possible to enable secure SSL/TLS client checking like described in http://bugs.python.org/issue13647 .

----------
components: Library (Lib)
messages: 150142
nosy: naif
priority: normal
severity: normal
status: open
title: Python SSL stack doesn't have a default CA Store
versions: Python 2.6, Python 2.7, Python 3.1, Python 3.2, Python 3.3, Python 3.4

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue13655>
_______________________________________
_______________________________________________
Python-bugs-list mailing list