subject:"\[Python\-Dev\] PYTHONHTTPSVERIFY env var \(was\: Clarification of PEP 476 opting out section\)"

Re: [Python-Dev] PYTHONHTTPSVERIFY env var (was: Clarification of PEP 476 opting out section)

2015-05-08 Thread M.-A. Lemburg

On 07.05.2015 04:30, Nick Coghlan wrote:
 Can we please make the monkeypatch a regular part of Python's
 site.py which can enabled via an environment variable, say
 export PYTHONHTTPSVERIFY=0.

 See http://bugs.python.org/issue23857 for the discussion.
 ...
 I actually do think it would be good to have such a feature as a
 native part of Python 2.7 in order to provide a nicer revert to the
 pre-PEP-476 behaviour experience for Python 2.7 users (leaving the
 there's no easy way to turn HTTPS certificate verification off
 globally state of affairs to Python 3), but I don't currently have
 the time available to push for that against the end users can't be
 trusted not to turn certificate verification off when they should be
 fixing their certificate management instead perspective.

We're currently working on a new release of eGenix PyRun and this
will include Python 2.7.9.

We do want to add such an env switch to disable the cert verification,
so would like to know whether we can use PYTHONHTTPSVERIFY for this
or not.

We mainly need this to reenable simple use of self-signed certificates
which 2.7.9 disables.

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, May 08 2015)
 Python Projects, Coaching and Consulting ...  http://www.egenix.com/
 mxODBC Plone/Zope Database Adapter ...   http://zope.egenix.com/
 mxODBC, mxDateTime, mxTextTools ...http://python.egenix.com/


: Try our mxODBC.Connect Python Database Interface for free ! ::

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
   Registered at Amtsgericht Duesseldorf: HRB 46611
   http://www.egenix.com/company/contact/
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] PYTHONHTTPSVERIFY env var (was: Clarification of PEP 476 opting out section)

2015-05-08 Thread Nick Coghlan

On 8 May 2015 6:52 pm, M.-A. Lemburg m...@egenix.com wrote:

 On 07.05.2015 04:30, Nick Coghlan wrote:
  Can we please make the monkeypatch a regular part of Python's
  site.py which can enabled via an environment variable, say
  export PYTHONHTTPSVERIFY=0.
 
  See http://bugs.python.org/issue23857 for the discussion.
  ...
  I actually do think it would be good to have such a feature as a
  native part of Python 2.7 in order to provide a nicer revert to the
  pre-PEP-476 behaviour experience for Python 2.7 users (leaving the
  there's no easy way to turn HTTPS certificate verification off
  globally state of affairs to Python 3), but I don't currently have
  the time available to push for that against the end users can't be
  trusted not to turn certificate verification off when they should be
  fixing their certificate management instead perspective.

 We're currently working on a new release of eGenix PyRun and this
 will include Python 2.7.9.

 We do want to add such an env switch to disable the cert verification,
 so would like to know whether we can use PYTHONHTTPSVERIFY for this
 or not.

That's a slightly misleading quotation of my post, as I'm opposed to the
use of an environment variable for this, due to the fact that using the
-E switch will then revert to the upstream default behaviour of verifying
certificates, rather defeating the point of introducing the legacy
infrastructure compatibility feature in the first place.

A new informational PEP akin to PEP 394 that defines a config file location
 contents for downstream redistributors that need a smoother transition
plan for PEP 476 will let us handle this in a consistent way across
redistributors that's also compatible with runtime use of the -E switch.

Cheers,
Nick.


 We mainly need this to reenable simple use of self-signed certificates
 which 2.7.9 disables.

 --
 Marc-Andre Lemburg
 eGenix.com

 Professional Python Services directly from the Source  (#1, May 08 2015)
  Python Projects, Coaching and Consulting ...  http://www.egenix.com/
  mxODBC Plone/Zope Database Adapter ...   http://zope.egenix.com/
  mxODBC, mxDateTime, mxTextTools ...http://python.egenix.com/
 

 : Try our mxODBC.Connect Python Database Interface for free ! ::

eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
http://www.egenix.com/company/contact/
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] PYTHONHTTPSVERIFY env var (was: Clarification of PEP 476 opting out section)

Re: [Python-Dev] PYTHONHTTPSVERIFY env var (was: Clarification of PEP 476 opting out section)

2 matches

Site Navigation

Mail list logo

Footer information