david <db.pub.m...@gmail.com> added the comment:

Yes, totally. IMHO these modules should get fixed to actually do SSL checking. This means that most users of these methods, even if they think they are doing it properly as per the ssl module page, are still vulnerable to attack.
I will add this comment to the bug you linked to above. As an example, it only took a few minutes to confirm that the default bzr install on Ubuntu is vulnerable -> https://bugs.edge.launchpad.net/bzr/+bug/651161 (bzr is only vulnerable if pycurl isn't installed, but pycurl is only a suggestion, not a dependency ...).

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue9983>
_______________________________________