On 1 December 2014 at 22:58, Donald Stufft <[email protected]> wrote: > On Dec 1, 2014, at 7:40 AM, Wichert Akkerman <[email protected]> wrote: > I am wondering: with Python 2.7.9 about to be released with a backport of > Python 3’s ssl module, can pip start supporting SNI without any external > dependencies? That would be a huge help for people who need to use SNI. > > Regards, > Wichert. > _______________________________________________ > Distutils-SIG maillist - [email protected] > https://mail.python.org/mailman/listinfo/distutils-sig > > > Yes, pip just uses requests to validate HTTPS. Requests gates the stdlib SNI > stuff on whether or not the stdlib has SSLContext and the HAS_SNI variables. > This should automatically work with 2.7.9.
For the benefit of anyone that isn't already aware, the transport security work in the packaging ecosystem was actually one of the factors feeding into the eventual decision to backport the Python 3 transport security improvements to Python 2.7. ensurepip + the SSL/TLS upgrades + defaulting to verified HTTPS all ending up in the same Python 2.7 release arose out of the process of figuring out how to address an inter-connected set of significant usability issues (which become much harder to ignore once you're working on secure package distribution infrastructure). Cheers, Nick. -- Nick Coghlan | [email protected] | Brisbane, Australia _______________________________________________ Distutils-SIG maillist - [email protected] https://mail.python.org/mailman/listinfo/distutils-sig
