On Wed, 28 Jul 2010 22:23:48 -0700 geremy condra <debat...@gmail.com> wrote: > > > > The new Python SSL module in 2.6 and later has a huge built-in > > security hole - it doesn't verify the domain against the > > certificate. As someone else put it, this means "you get to > > talk securely with your attacker." As long as the site or proxy > > has some valid SSL cert, any valid SSL cert copied from anywhere, > > the new Python SSL module will tell you everything is just fine. > > > > John Nagle > > Did anything ever come of the discussion that you and Antoine had?
As I wrote in http://bugs.python.org/issue1589, I would support adding the necessary function(s) to the SSL module, and have urllib (and other stdlib modules) support them. Someone needs to write a patch, though. Regards Antoine. -- http://mail.python.org/mailman/listinfo/python-list
