On Tue, 23 May 2017 23:09:31 -0500 Victor Stinner <victor.stin...@gmail.com> wrote: > Le 23 mai 2017 20:43, "David Wilson" <dw+python-...@hmmz.org> a écrit : > In which case, what is to prevent Requests from just depending on > > pyOpenSSL as usual? > > > From what I heard, pyOpenSSL development is slowing down, so I'm not sure > that it's really safe and future-proof (TLS 1.3 anyone?).
So what? Python 2.7 isn't future-proof either... > I'm still writing 2.7 code every day and would love to see it live a > little longer, but accepting every feature request seems the wrong way > to go - and MemoryBIO is a hard sell as a security enhancement, it's new > functionality. Agreed with this. > You are true that they are new features. I disagree on the "accepting every > feature" part: we are talking about two classes and it's restricted to > security. The new TLS API wouldn't significantly improve security. It's just a different API. > I also understood that getting access to system CA allows admins to > register their company CA and so avoid that users ignore the TLS warning > (unknown CA). System admins can add the company CA at the system level in the system's CA cert store, they have no need for a Python API. Actually, they certainly don't want to modify every Python application to add a company CA. Regards Antoine. _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
