On Jun 3, 2013, at 4:19 PM, Christian Heimes <christ...@python.org> wrote:
> Am 03.06.2013 21:52, schrieb Antoine Pitrou: >> cadefault=True will probably be fail if the system certs are not >> properly configured in OpenSSL, e.g. under Windows or with a hand-made >> OpenSSL build. >> And, because of the way the OpenSSL API works, there's no way of >> knowing if it is the case or not: >> http://docs.python.org/3.4/library/ssl.html#ssl.SSLContext.set_default_verify_paths > > I only see an issue for uncommon Linux distributions and exotic Unices. > > For Windows an interface to crypt32 API solves the CA issue as shown in > my wincertstore module. It gives the user the same SSL experience as > Internet Explorer. > > Most Linux and BSD-ish operating systems have SSL certs at some standard > location. > https://bitbucket.org/pypa/setuptools/src/6de3186fdfd9f5b543380e9aca2d48976cfc38cd/setuptools/ssl_support.py?at=default#cl-15 > lists a couple of standard locations. > > Under which conditions do we need to ship a CA cert file? > > Christian > > _______________________________________________ > Python-Dev mailing list > Python-Dev@python.org > http://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > http://mail.python.org/mailman/options/python-dev/donald%40stufft.io What about OSX? ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
