Message181460
| Author |
eric.araujo |
| Recipients |
benjamin.peterson, eric.araujo, jcea, loewis, naif, pitrou |
| Date |
2013-02-05.16:44:05 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1360082646.06.0.394334325009.issue13655@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
Copy of a message by Christian Heimes on a duplicate report:
For effective SSL server cert validation a bundle of trustworthy CA certs is required. Most systems ship such a bundle but it's not always possible to access the bundle from Python / OpenSSL. Windows and Mac OS X come into my mind. wget and curl ship a copy of Mozilla's CA cert bundle.
The site http://curl.haxx.se/docs/caextract.html explains how to extract the CA certs in PEM format. I suggest that we ship the CA bundle with Python and use a lookup chain:
- user defined path to a cacert directory or cacert.pem file
- cacert directory or PEM file in the user's home directory:
    cacertdir = os.path.join(site.USER_SITE, os.pardir, "cacert")
    cacertfile = os.path.join(site.USER_SITE, os.pardir, "cacert.pem")
- system's ca cert directory (/etc/ssl/certs on Linux)
- CA cert bundle shipped with the Python installation. |
|
History
| Date | User | Action | Args |
|---|---|---|---|
| 2013-02-05 16:44:06 | eric.araujo | set | recipients: + eric.araujo, loewis, jcea, pitrou, benjamin.peterson, naif |
| 2013-02-05 16:44:06 | eric.araujo | set | messageid: <1360082646.06.0.394334325009.issue13655@psf.upfronthosting.co.za> |
| 2013-02-05 16:44:06 | eric.araujo | link | issue13655 messages |
| 2013-02-05 16:44:05 | eric.araujo | create | |
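The lookup chain proposed in the message above, written out as an added Python example; it is not code from the tracker message or from CPython. The names `resolve_ca_source`, `make_verifying_context`, `user_root` and `shipped_bundle` are hypothetical, and treating an unusable explicit path as an error rather than falling back is a choice made in this example.

```python
import os
import site
import ssl


def _usable(path):
    """Return the load_verify_locations() keyword for path, or None if unusable."""
    try:
        if os.path.isdir(path) and os.listdir(path):
            return "capath"   # OpenSSL expects a c_rehash-style hashed directory
        if os.path.isfile(path) and os.path.getsize(path) > 0:
            return "cafile"   # concatenated PEM certificates
    except OSError:
        pass
    return None


def resolve_ca_source(user_path=None, user_root=None,
                      system_dir="/etc/ssl/certs", shipped_bundle=None):
    """Walk the lookup chain from the message; return {"capath"|"cafile": path}."""
    if user_path:
        # Choice made in this example: an explicit path that is missing or
        # empty is an error, not a reason to fall back to another trust store.
        kind = _usable(user_path)
        if kind is None:
            raise FileNotFoundError("configured CA path is unusable: %r" % user_path)
        return {kind: user_path}
    if user_root is None:
        # Same location as os.path.join(site.USER_SITE, os.pardir) in the message.
        user_root = os.path.join(site.getusersitepackages(), os.pardir)
    chain = [
        os.path.join(user_root, "cacert"),
        os.path.join(user_root, "cacert.pem"),
        system_dir,
        shipped_bundle,
    ]
    for path in chain:
        kind = _usable(path) if path else None
        if kind:
            return {kind: path}
    raise FileNotFoundError("no CA certificates found in the lookup chain")


def make_verifying_context(**lookup):
    """Client context that requires a valid chain and a matching host name."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED, check_hostname=True
    ctx.load_verify_locations(**resolve_ca_source(**lookup))
    return ctx
```

A non-empty `capath` directory that is not in hashed form loads without error, because OpenSSL looks certificates up by subject hash only during verification; the resulting context then rejects every peer.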