Benjamin Peterson added the comment:
I don't think we're planning to distribute our own store of certs.
--
resolution: - works for me
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13655
Changes by koobs koobs.free...@gmail.com:
--
nosy: +koobs
___
___
Python-bugs-list mailing
Dima Tisnek added the comment:
re: cert_paths = [...]
This approach is rather problematic; there's no guarantee that a path trusted
on one system is trusted on another.
I saw this in setuptools branch, where it does:
    for path in cert_path:
        if os.path.exists(path):
            return path
Christian Heimes added the comment:
All these paths are on directories that are supposed to be read-only for
untrusted users. You can't protect yourself against a malicious admin anyway.
For Python 3.4 the ssl module uses the cert paths that are configured with
OpenSSL. The paths and
Changes by Ludwig Nussel ludwig.nus...@suse.de:
--
nosy: +lnussel
Changes by Donald Stufft donald.stu...@gmail.com:
--
nosy: +dstufft
Antoine Pitrou added the comment:
> I think we can improve the situation with shipping our own CA certs.
> Almost every operating system or distribution comes with a set of CA
> certs.
Why would we ship our own CA certs if every OS comes with CA certs?
> I lots of Linux distributions and most BSD
Barry A. Warsaw added the comment:
On Jul 08, 2013, at 11:56 AM, Antoine Pitrou wrote:
> I don't think it's a good idea to maintain a list of hard-coded
> paths in Python: it's not manageable, and it will always become
> outdated. If there was a widely-respected standard (e.g. in FHS or
> LSB), things
Christian Heimes added the comment:
I think we can improve the situation with shipping our own CA certs. Almost
every operating system or distribution comes with a set of CA certs.
I lots of Linux distributions and most BSD systems. All except FreeBSD install
CA certs by default. A fresh
Changes by Barry A. Warsaw ba...@python.org:
--
nosy: +barry
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:
--
nosy: +Arfrever
Changes by Florian Weimer fwei...@redhat.com:
--
nosy: +fweimer
Antoine Pitrou added the comment:
> Éric's suggestion is also implemented in python-requests if I remember
> correctly. It allows for user-specified PEM files and tries to find the
> operating system bundle. This would be a wonderful inclusion in the
> standard library.
Aren't
Éric Araujo added the comment:
Copy of a message by Christian Heimes on a duplicate report:
For effective SSL server cert validation a bundle of trustworthy CA certs is
required. Most systems ship such a bundle but it's not always possible to access
the bundle from Python / OpenSSL. Windows
Ian Cordasco added the comment:
Éric's suggestion is also implemented in python-requests if I remember
correctly. It allows for user-specified PEM files and tries to find the
operating system bundle. This would be a wonderful inclusion in the standard
library.
--
nosy: +icordasc
Éric Araujo added the comment:
I propose to change the scope of this request to: ssl module should provide a
way to access the OS CA bundle.
--
versions: +Python 3.4 -Python 3.3
Changes by Éric Araujo mer...@netwok.org:
--
nosy: +eric.araujo, loewis
versions: -Python 2.6, Python 2.7, Python 3.1, Python 3.2, Python 3.4
Changes by Éric Araujo mer...@netwok.org:
--
nosy: +pitrou
New submission from naif n...@globaleaks.org:
For the certificate store:
Can we eventually agree to bind a default CA-store to a Mozilla verified one?
Mozilla in handling Firefox does a great job in keeping CA-store up-to-date.
Integrating default mozilla CA-store with Python builds could be a
Changes by naif n...@globaleaks.org:
--
type: - security
naif n...@globaleaks.org added the comment:
Mozilla CA are available on:
https://www.mozilla.org/projects/security/certs/
The warranty and security process of Mozilla handling of SSL CA root certs is
described on:
https://wiki.mozilla.org/CA
I think that Python language could reasonably
Changes by Jesús Cea Avión j...@jcea.es:
--
nosy: +jcea
Benjamin Peterson benja...@python.org added the comment:
I'm not sure Python should be in the business of distributing CA certificates.
I think it's better left to the application or Linux distribution.
--
nosy: +benjamin.peterson