On Sun, 31 Aug 2014 03:25:25 +0200, Antoine Pitrou <solip...@pitrou.net> wrote: > On Sun, 31 Aug 2014 09:26:30 +1000 > Nick Coghlan <ncogh...@gmail.com> wrote: > > >> > > >> * configuration: > > >> > > >> It would be good to be able to switch this on or off > > >> without having to change the code, e.g. via a command > > >> line switch and environment variable; perhaps even > > >> controlling whether or not to raise an exception or > > >> warning. > > >> > > >> * choice of trusted certificate: > > >> > > >> Instead of hard wiring using the system CA roots into > > >> Python it would be good to just make this default and > > >> permit the user to point Python to a different set of > > >> CA roots. > > >> > > >> This would enable using self signed certs more easily. > > >> Since these are often used for tests, demos and education, > > >> I think it's important to allow having more control of > > >> the trusted certs. > > > > > > > > > +1 for PEP with above changes. > > > > Ditto from me. > > > > In relation to changing the Python CLI API to offer some of the wget/curl > > style command line options, I like the idea of providing recipes in the > > docs for implementing them at the application layer, but postponing making > > the *default* behaviour configurable that way. > > I'm against any additional environment variables and command-line > options. It will only complicate and obscure the security parameters of > certificate validation. > > The existing knobs have already been mentioned in this thread, I won't > mention them here again.
Do those knobs allow one to instruct urllib to accept an invalid certificate without changing the program code? --David _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
