On Fri, Jun 26, 2009 at 07:01:24PM +0200, Nobody wrote: > For a urllib-style interface, there's not much point in performing > verification after the fact. Either the library performs verification or > it doesn't. If it doesn't, you've just sent the (potentially confidential) > request to an unknown server; discovering this after the fact doesn't > really help.
I was more thinking about supplying a/some CA certificate(s) and requiring that the site cert be valid (otherwise the connection should fail). This sounds very EAFP to me. Andras -- http://mail.python.org/mailman/listinfo/python-list
