New submission from Christian Heimes:

Developers are still surprised that Python's ssl library doesn't validate SSL certs by default. We should add a *big* warning to the SSL module as well as to all consumers (http, ftp, imap, pop, smtp, nntp ...) that neither the CA cert chain nor the hostname is validated by default. (AFAIK only http.client does match_hostname()).

----------
assignee: docs@python
components: Documentation
messages: 202245
nosy: christian.heimes, docs@python, giampaolo.rodola, janssen, pitrou
priority: high
severity: normal
stage: needs patch
status: open
title: Add warning that Python doesn't verify SSL certs by default
type: enhancement
versions: Python 2.7, Python 3.2, Python 3.3, Python 3.4

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue19508>
_______________________________________
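The two checks named in the report (CA chain and hostname) can be audited directly on an `ssl.SSLContext`. The following is an added example, not part of the tracker message or of CPython: the function names are hypothetical, `legacy_style_context()` is constructed to reproduce the unverified settings the report describes, and a current Python 3 with `ssl.create_default_context()` is assumed.

```python
import ssl


def legacy_style_context():
    """Constructed context with the settings the report warns about:
    no CA chain validation and no hostname check."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # check_hostname must be cleared first; setting CERT_NONE while it is
    # still True raises ValueError.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verifying_context(cafile=None):
    """Context that validates the chain and the hostname.

    cafile is optional; when omitted the system trust store is used.
    """
    return ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)


def verification_gaps(ctx):
    """Return the list of certificate checks this context does NOT perform."""
    gaps = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        gaps.append("CA cert chain is not validated")
    if not ctx.check_hostname:
        gaps.append("hostname is not validated")
    return gaps


if __name__ == "__main__":
    for name, ctx in (("legacy-style", legacy_style_context()),
                      ("verifying", verifying_context())):
        print(name, verification_gaps(ctx) or "ok")
```

A context that passes this audit can be handed to the standard-library clients that accept one, for example `smtplib.SMTP.starttls(context=...)` or `http.client.HTTPSConnection(..., context=...)`.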