Antoine Pitrou <pit...@free.fr> added the comment: > > Having applications/scripts explicitly opt-in to a default CA > > certificate list would be an option (then making those applications > > break in installations where the default CA list is empty). > > "Errors should never pass silently." > IMHO it is an error not to check by default. > No it wouldn't break anything that shouldn't break. > Users can then pass in None for the capath (as an example).
Well, can you stop insisting? It is probably the third time that we explain you we can't break compatibility on this. (also, many SSL sites are not covered by "default" CA certificates shipped by most vendors, e.g. self-signed certificates or certificates signed by CAcert) ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue10441> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
