Antoine Pitrou <pit...@free.fr> added the comment: > > This may not be satisfying to users. For example, our Windows > > distribution doesn't ship with any certicates (AFAIK); I have no > > clue where exactly OpenSSL would be looking for them, either. > > People worried about this problem probably would want a way to > > fill the list of trusted CA certificates.
Right, this is just a helper in case OpenSSL is configured correctly by the OS vendor (the OpenSSL packaged by Linux distros usually is). > Erh, those people can already do this, but the problem is by default > none are selected. > IMHO something is probably better than nothing in this case(by default). We can't change anything *by default* since it would break compatibility. We can just provide helpers and arguments to make it easy to switch to a more "secure" behaviour (for some meaning of secure). ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue10441> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
