Chet Nichols III added the comment:
Oh yeah, definitely not trustworthy at all. In my case, I am not processing the
peer chain to actually verify trust, but I am still interested in inspecting
the chain.

Dangerous or not, and regardless of what almost all people should *actually* be
doing, SSL_get_peer_cert_chain exists for a reason, just like
SSL_get_peer_certificate exists for a reason. If Python includes a standard SSL
library, it should be transparent in the interface it offers, for the mere
reason that the library becomes more powerful.

If the overall consensus is that the library should protect most people against
common pitfalls and security mistakes, then I guess that's the route to
continue on. However, I would be disappointed that we would be blacklisting
the exposure of underlying library features based on the mere belief that
people don't understand them enough!
--
___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue18233>
___