[issue17123] Add OCSP support to ssl module

2019-10-16 Thread Daniel Kahn Gillmor
Daniel Kahn Gillmor added the comment: On Thu 2019-10-10 01:38:42 +, Benjamin Peterson wrote: > Considering OSCP has fallen out of favor relative to CT in recent > years, may be should simply reject this feature request. CT provides the possibility of a website operator to *detect* CA

[issue17123] Add OCSP support to ssl module

2019-10-15 Thread Shane Harvey
Change by Shane Harvey : -- nosy: +ShaneHarvey ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue17123] Add OCSP support to ssl module

2019-10-15 Thread Bernie Hackett
Bernie Hackett added the comment: OCSP is the only way Let's Encrypt supports revocation. It would be really useful to have stapling verification supported in the standard library, even just the callback support PyOpenSSL supports. https://letsencrypt.org/docs/revoking/ -- nosy:

[issue17123] Add OCSP support to ssl module

2019-10-09 Thread Benjamin Peterson
Benjamin Peterson added the comment: Considering OSCP has fallen out of favor relative to CT in recent years, may be should simply reject this feature request. -- ___ Python tracker

[issue17123] Add OCSP support to ssl module

2019-10-09 Thread Daniel Kahn Gillmor
Daniel Kahn Gillmor added the comment: It would be great to see at least minimal OCSP stapling support (in the form of callbacks on the client and server sides) availabl in the ssl module, similar to the way that pyopenssl has added such callbacks:

[issue17123] Add OCSP support to ssl module

2018-02-25 Thread Christian Heimes
Change by Christian Heimes : -- versions: +Python 3.8 -Python 3.7 ___ Python tracker ___

[issue17123] Add OCSP support to ssl module

2016-09-15 Thread Christian Heimes
Changes by Christian Heimes : -- assignee: -> christian.heimes components: +SSL ___ Python tracker ___

[issue17123] Add OCSP support to ssl module

2016-09-08 Thread Christian Heimes
Christian Heimes added the comment: I'll add OCSP stapling verification to 3.7. -- versions: +Python 3.7 -Python 3.5 ___ Python tracker ___

[issue17123] Add OCSP support to ssl module

2015-04-17 Thread Arfrever Frehtes Taifersar Arahesis
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com: -- nosy: +Arfrever ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue17123 ___

[issue17123] Add OCSP support to ssl module

2013-12-21 Thread Antoine Pitrou
Changes by Antoine Pitrou pit...@free.fr: -- type: security - enhancement ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue17123 ___ ___

[issue17123] Add OCSP support to ssl module

2013-10-21 Thread Christian Heimes
Christian Heimes added the comment: I won't have time for a proper implementation for 3.4. Defer to 3.5 -- versions: +Python 3.5 -Python 2.6, Python 2.7, Python 3.4 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue17123

[issue17123] Add OCSP support to ssl module

2013-10-21 Thread Larry Hastings
Changes by Larry Hastings la...@hastings.org: -- nosy: -larry ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue17123 ___ ___ Python-bugs-list

[issue17123] Add OCSP support to ssl module

2013-04-28 Thread Georg Brandl
Changes by Georg Brandl ge...@python.org: -- versions: -Python 3.2, Python 3.3 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue17123 ___ ___

[issue17123] Add OCSP support to ssl module

2013-04-19 Thread Phil Connell
Changes by Phil Connell pconn...@gmail.com: -- nosy: +pconnell ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue17123 ___ ___ Python-bugs-list

[issue17123] Add OCSP support to ssl module

2013-02-04 Thread Christian Heimes
New submission from Christian Heimes: Python's ssl module doesn't support OCSP [1]. The example code at [2] doesn't look too complicated. We should consider OCSP at least for 3.4 and may want to backport it to older versions to prevent MITM attacks on PyPI downloads.

[issue17123] Add OCSP support to ssl module

2013-02-04 Thread Antoine Pitrou
Antoine Pitrou added the comment: Can you explain how OCSP helps prevent MITM attacks? - Mail original - De: Christian Heimes rep...@bugs.python.org À: pit...@free.fr Envoyé: Lundi 4 Février 2013 17:14:32 Objet: [issue17123] Add OCSP support to ssl module New submission from

[issue17123] Add OCSP support to ssl module

2013-02-04 Thread Christian Heimes
Changes by Christian Heimes li...@cheimes.de: -- nosy: +barry, benjamin.peterson, georg.brandl, larry priority: high - release blocker ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue17123 ___

[issue17123] Add OCSP support to ssl module

2013-02-04 Thread Christian Heimes
Christian Heimes added the comment: OCSP can prevent MITM attacks when the private server cert or CA cert got compromised or stolen somehow. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue17123

[issue17123] Add OCSP support to ssl module

2013-02-04 Thread Jesús Cea Avión
Changes by Jesús Cea Avión j...@jcea.es: -- nosy: +jcea ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue17123 ___ ___ Python-bugs-list mailing list

[issue17123] Add OCSP support to ssl module

2013-02-04 Thread Antoine Pitrou
Antoine Pitrou added the comment: Christian, I really don't agree this should be a release blocker, and especially not for bugfix branches. -- priority: release blocker - normal ___ Python tracker rep...@bugs.python.org