Christian Heimes added the comment: I fear it's a bit too late in the release cycle to get it right. Feature freeze is in about a month and this is a major change.
The set_default_verify_paths() works only on some Unix platforms when OpenSSL configured with the distribution-specific paths to CAfile or CApath. A user installation of OpenSSL will most probably not work correctly. And there is Mac OS X ... Apple has deprecated OpenSSL and doesn't provide certificates as files. Apple's build of OpenSSL is patched and re-uses the keychain API. My Windows patch only offers certificates that already exist in Windows' cert stores. IE can trigger background downloads of yet unknown CA certs... IMHO we should add root CA certs for every purpose with Python and implement a way to replace the shipped certs with update packages. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue19292> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
