Re: [Python-Dev] Clarification of PEP 476 opting out section

2015-04-30 Thread M.-A. Lemburg
On 30.04.2015 02:33, Nick Coghlan wrote:
> Hi folks,
>
> This is just a note to highlight the fact that I tweaked the "Opting
> out" section in PEP 476 based on various discussions I've had over the
> past few months: https://hg.python.org/peps/rev/dfd96ee9d6a8
>
> The notable changes:
>
> * the example monkeypatching code handles AttributeError when looking
> up ssl._create_unverified_context, in order to accommodate older
> versions of Python that don't have PEP 476 implemented
> * new paragraph making it clearer that while the intended use case for
> the monkeypatching trick is as a workaround to handle environments
> where you *know* HTTPS certificate verification won't work properly
> (including explicit references to sitecustomize.py and Standard
> Operating Environments for Python), there's also a secondary use case
> in allowing applications to provide a system administrator controlled
> setting to globally disable certificate verification (hence the change
> to the example code)
> * new paragraph making it explicit that even though we've improved
> Python's default behaviour, particularly security sensitive
> applications should still provide their own context rather than
> relying on the defaults

Can we please make the monkeypatch a regular part of Python's
site.py which can be enabled via an environment variable, say
export PYTHONHTTPSVERIFY=0.

See http://bugs.python.org/issue23857 for the discussion.

Esp. for Python 2.7.9 the default verification from PEP 476
is causing problems for admins who want to upgrade their
Python installation without breaking applications using
Python. They need an easy and official non-hackish way to
opt-out from the PEP 476 default on a per application basis.

Thanks,
-- 
Marc-Andre Lemburg
eGenix.com

___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com


Re: [Python-Dev] Clarification of PEP 476 opting out section

2015-04-30 Thread Antoine Pitrou
On Thu, 30 Apr 2015 09:59:34 +0200
M.-A. Lemburg m...@egenix.com wrote:
 
> Can we please make the monkeypatch a regular part of Python's
> site.py which can be enabled via an environment variable, say
> export PYTHONHTTPSVERIFY=0.

-1 (already explained in the bug below).

> See http://bugs.python.org/issue23857 for the discussion.

Regards

Antoine.




[Python-Dev] Clarification of PEP 476 opting out section

2015-04-29 Thread Nick Coghlan
Hi folks,

This is just a note to highlight the fact that I tweaked the "Opting
out" section in PEP 476 based on various discussions I've had over the
past few months: https://hg.python.org/peps/rev/dfd96ee9d6a8

The notable changes:

* the example monkeypatching code handles AttributeError when looking
up ssl._create_unverified_context, in order to accommodate older
versions of Python that don't have PEP 476 implemented
* new paragraph making it clearer that while the intended use case for
the monkeypatching trick is as a workaround to handle environments
where you *know* HTTPS certificate verification won't work properly
(including explicit references to sitecustomize.py and Standard
Operating Environments for Python), there's also a secondary use case
in allowing applications to provide a system administrator controlled
setting to globally disable certificate verification (hence the change
to the example code)
* new paragraph making it explicit that even though we've improved
Python's default behaviour, particularly security sensitive
applications should still provide their own context rather than
relying on the defaults

Regards,
Nick.

-- 
Nick Coghlan   |   ncogh...@gmail.com   |   Brisbane, Australia
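
An added example, not part of the original post or of the PEP text: it reproduces the shape of the opt-out monkeypatch described above (including the AttributeError guard), then shows a startup check that detects the patched default and an explicit context that keeps verifying regardless. The function names `apply_opt_out`, `default_https_verifies`, `strict_context` and `demo` are hypothetical.

```python
import ssl

def apply_opt_out():
    """Swap the process-wide HTTPS default for the unverified factory.

    Returns the previous factory so it can be restored, or None on a legacy
    Python without PEP 476, where there is nothing to patch.
    """
    try:
        unverified = ssl._create_unverified_context
    except AttributeError:
        return None  # legacy Python: HTTPS certificates are not verified by default
    previous = ssl._create_default_https_context
    ssl._create_default_https_context = unverified
    return previous

def default_https_verifies():
    """Startup check: does the default HTTPS context still verify peers?"""
    factory = getattr(ssl, "_create_default_https_context", None)
    if factory is None:
        return False  # pre-PEP 476 interpreter
    ctx = factory()
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname

def strict_context(cafile=None):
    """Explicit context for security-sensitive code; ignores the global default."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def demo():
    """Return (default verifies before, default verifies after, explicit verifies)."""
    before = default_https_verifies()
    previous = apply_opt_out()  # what a sitecustomize.py opt-out does
    try:
        after = default_https_verifies()
        pinned = strict_context()
        explicit_ok = pinned.verify_mode == ssl.CERT_REQUIRED and pinned.check_hostname
    finally:
        if previous is not None:
            ssl._create_default_https_context = previous  # undo the patch
    return before, after, explicit_ok

if __name__ == "__main__":
    print(demo())
```

Passing `strict_context()` as the `context=` argument to `urllib.request.urlopen` or `http.client.HTTPSConnection` is what keeps a security-sensitive application independent of a global opt-out.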