STINNER Victor added the comment:
> The changes for 3.4 are incomplete
Ok, I fixed most obvious issues. There is a major severe issue in Lib/ssl.py:
def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
...
This line fails if PROTOCOL_SSLv3 name does not exist. I propose to use
PROTOCOL_SSLv23 by default if PROTOCOL_SSLv3 does not exist, as done in Python
3.5. See attached patch.
A better option (more secure?) is to use PROTOCOL_SSLv23 by default.
What do you think? I prefer to switch to PROTOCOL_SSLv23 by default in Python
3.4.
----------
Added file: http://bugs.python.org/file37423/get_server_certificate_sslv3.patch
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue22935>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
