On Nov 07, 2013, at 10:42 PM, Christian Heimes wrote:

>You misunderstood me. I'm not proposing a global SSLContext object but a
>factory function that creates a context for Python stdlib modules. Right
>now every urllib, http.client, nntplib, asyncio, ftplib, poplib and
>imaplib have duplicated code. I'd like to have ONE function that creates
>and configures an SSLContext object with sensible default values for
>Python stdlib.

I'm sure you're considering this, but I want to explicitly preserve the
ability to register self-signed certificates.  It's often necessary in
practice, but very useful for testing purposes.

ssl.SSLContext.load_cert_chain() is the way to do this, but will this be
exposed in your proposed factory function?  If not, then I think it's
critically important that whatever API is exposed in the client code not hide
the SSLContext object, such that clients of the client code can load up those
self-signed certificates after the context has been created.

-Barry
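
The design point raised in this message, sketched as an added example (not code from the thread or from CPython): a factory sets the defaults, and the client keeps its context reachable so a caller can add a self-signed certificate afterwards without turning verification off. The names create_stdlib_context, Client, trust_self_signed and is_verifying are hypothetical; the example uses load_verify_locations() to trust a server's self-signed certificate, and load_cert_chain() for a local certificate and key would be called on the exposed context in the same way.

```python
import socket
import ssl


def create_stdlib_context(cafile=None):
    """Hypothetical factory: one place that sets client-side TLS defaults."""
    # PROTOCOL_TLS_CLIENT turns on CERT_REQUIRED and check_hostname.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cafile is None:
        ctx.load_default_certs()
    else:
        ctx.load_verify_locations(cafile=cafile)
    return ctx


class Client:
    """Hypothetical stdlib-style client that keeps its context reachable."""

    def __init__(self, host, port=443, context=None):
        self.host = host
        self.port = port
        self.context = context if context is not None else create_stdlib_context()

    def connect(self, timeout=10.0):
        sock = socket.create_connection((self.host, self.port), timeout=timeout)
        return self.context.wrap_socket(sock, server_hostname=self.host)


def is_verifying(ctx):
    """True while the context still checks the chain and the hostname."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


def trust_self_signed(client, pem_path):
    """Add one self-signed certificate as a trust anchor after creation."""
    # pem_path is a caller-supplied path to the certificate in PEM form.
    client.context.load_verify_locations(cafile=pem_path)
    return is_verifying(client.context)
```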