On 09/03/2014 10:15 AM, Alex Gaynor wrote:
Ethan Furman writes:
I apologize if I missed this point, but if we have the source code then it is
possible to go in and directly modify the application/utility to be able to
talk over https to a router with an invalid certificate? This is an option
when creating the ssl_context?
Yes, it's totally possible to create (and pass to ``http.client``) an
``SSLContext`` which doesn't verify various things. My proposal is only about
changing what happens when you don't explicitly pass a context.
Excellent. Last question (I hope): it is possible to (easily) create an SSLContext that will verify against a
self-signed certificate?
--
~Ethan~
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
