david <db.pub.m...@gmail.com> added the comment: On 19 November 2010 03:48, Antoine Pitrou <rep...@bugs.python.org> wrote: > > Antoine Pitrou <pit...@free.fr> added the comment: > >> > This may not be satisfying to users. For example, our Windows >> > distribution doesn't ship with any certicates (AFAIK); I have no >> > clue where exactly OpenSSL would be looking for them, either. >> > People worried about this problem probably would want a way to >> > fill the list of trusted CA certificates. > > Right, this is just a helper in case OpenSSL is configured correctly by > the OS vendor (the OpenSSL packaged by Linux distros usually is). > >> Erh, those people can already do this, but the problem is by default >> none are selected. >> IMHO something is probably better than nothing in this case(by default). > > We can't change anything *by default* since it would break > compatibility. We can just provide helpers and arguments to make it easy > to switch to a more "secure" behaviour (for some meaning of secure).
what about an environmental setting that can be used to enforce checking (or the like) ? ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue10441> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
