Message203884
| Author |
christian.heimes |
| Recipients |
Arfrever, Giovanni.Bajo, alexis, barry, benjamin.peterson, christian.heimes, devin, dstufft, eric.araujo, fdrake, georg.brandl, jwilk, larry, loewis, pitrou, richard, skrah, tarek, techtonik |
| Date |
2013年11月22日.21:25:22 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<57810381-2cdb-4b04-b1c1-9cf6ec8cadcc@email.android.com> |
| In-reply-to |
<1385154623.35.0.823063484564.issue12226@psf.upfronthosting.co.za> |
| Content |
How about:
- load ca cert from default verify locations
- try connect with CERT_REQUIRED
- print warning when cert validation fails and try again with CERT_NONE
- match hostname otherwise
At least this warns the user about the issue. Is there way to distinguish between CA missing and other failures?
Antoine Pitrou <report@bugs.python.org> schrieb:
>
>Antoine Pitrou added the comment:
>
>Well, passive attacks are the easiest to mount by a casual attacker, so
>I think this is important to get in.
>
>----------
>
>_______________________________________
>Python tracker <report@bugs.python.org>
><http://bugs.python.org/issue12226>
>_______________________________________ |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2013年11月22日 21:25:22 | christian.heimes | set | recipients:
+ christian.heimes, loewis, fdrake, barry, richard, georg.brandl, pitrou, larry, techtonik, benjamin.peterson, tarek, jwilk, eric.araujo, Arfrever, skrah, alexis, devin, Giovanni.Bajo, dstufft |
| 2013年11月22日 21:25:22 | christian.heimes | link | issue12226 messages |
| 2013年11月22日 21:25:22 | christian.heimes | create |
|