On Thu, 13 Mar 2014 14:57:41 +0100 Victor Stinner <victor.stin...@gmail.com> wrote: > 2014-03-13 11:49 GMT+01:00 Christian Heimes <christ...@python.org>: > > * All stdlib modules now support server cert verification including > > hostname matching and CRL. > > > > * http://bugs.python.org/issue16499 isolated mode is a security > > improvement, too. > > Ok, I added these two items. > > Antoine wrote: > > CRL? really? I don't remember us doing automatic CRL downloads. > > It's just the "support", nothing is automatic. I understood that you > *can* load CRL and ask for CRL validation, but it must be done > explicitly. There is a function to retrieve system CRLs on Windows.
Then you should perhaps make your phrasing more explicit, because people may wrongly assume that CRL checking will be done automatically (IMHO). (especially since hostname checking, AFAIK, *is* automatic now) Regards Antoine. _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
