STINNER Victor added the comment:

> So this seems to be a function that just gets the certificate?  You need to 
> be careful with this since a server could perfectly decide to send a 
> different certificate depending on the client hello it receives. (...) In any 
> case, you should always use SSLv23, stop supporting anything else.

I don't understand. You say that depending on the protocol, you may get a 
different certificate, and then that we should stop supporting multiple 
protocol. Does it mean that you ask to remove a Python feature?

Even if it is technically possible to return a different certificate, I don't 
think that much servers will return a different certificate if the client uses 
SSLv23 instead of SSLv3.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue22935>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to