| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by rfugger 5080 days ago

Python does have some certificate-checking machinery:

http://docs.python.org/library/ssl.html#functions-constants-...

http://docs.python.org/library/ssl.html#ssl-certificates

However, this isn't exposed in the higher-level httplib.HTTPSConnection class for some reason. I'd bet it's not too hard to write your own subclass to handle it though.

2 comments

natrius 5080 days ago

If you're using Python for HTTP requests, you should be using Requests, which checks SSL certificates by default (as far as I can tell).

http://docs.python-requests.org/en/latest/

link

voltagex_ 5080 days ago

Yeah, I posted this below. It's mentioned in the advanced section. Why checking your SSL certs is an advanced topic I don't know.

link

__alexs 5080 days ago

This doesn't do any CRL or OCSP checks at all so you are still vulnerable to attacks using revoked certificates.

link