Re: Python & SSL

From: jjl@xxxxxxxxx (John J. Lee)
Date: 04 May 2006 17:44:02 +0000

Sybren Stuvel <sybrenUSE@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> writes:

John J. Lee enlightened us with:

Of course, remembering that the first thing to ask in response to
"is it secure?" is "against what?", for lots of purposes it just
doesn't matter that it ignores certificates.

I'm curious. Can you give me an example? AFAIK you need to know who
you're talking to before transmitting sensitive information, otherwise
you could be talking to anybody - and that's just what you wanted to
prevent with the encryption, right?

If Edward hadn't answered I would have said something along the lines
of what he said too, but more than that I just had in mind situations
where, when fetching a web page, the risk (probability and
consequences) of a man-in-the-middle attack doesn't feature much
higher than the risk of getting hit by a piece of debris from outer
space that day. Surprisingly often, it so happens that the people
setting up the web site used https, even though as a user of the site
I don't really care about the encryption or authentication.

That doesn't mean proper certificate handling wouldn't be good to have
(it would), just that installing m2crypto and finding the right docs
isn't necessarily worth the bother.

BTW, I assume the reason the OP (I forgot who that was) didn't have
https support compiled in was just that they didn't have OpenSSL
installed when they typed ./configure (since the Python build process
on unix uses autoconf). Either that or they installed a system
package to get Python (e.g. an .rpm) and the SSL support is is a
separate package (seems unlikely).

John

.

References:
- Python & SSL
  - From: James Stroud
- Re: Python & SSL
  - From: John J. Lee
- Re: Python & SSL
  - From: Sybren Stuvel

Prev by Date: Re: Problem building extension under Cygwin (ImportError: Bad address)
Next by Date: Re: Python for Perl programmers
Previous by thread: Re: Python & SSL
Next by thread: redemo.py with Tkinter
Index(es):
- Date
- Thread

Relevant Pages

Re: Certificate Services help
... server with a different name. ... DCs need certificates to talk to each other? ... aren't using certs, you should revoke all certificates and then uninstall ... Certificate Services without installing it on a different server. ...
(microsoft.public.windows.server.general)
Kerberos Key Distribution Center service hung on starting, ID 7022.
... The Kerberos Key Distribution Center service hung on starting. ... The error originates AFTER I installed two web certificates in IIS to ... ONLY AFTER installing the web certificates, ...
(microsoft.public.windows.server.general)
The Kerberos Key Distribution Center service hung on starting. ID 7022.
... The Kerberos Key Distribution Center service hung on starting. ... The error originates AFTER I installed two web certificates in IIS to ... ONLY AFTER installing the web certificates, ...
(microsoft.public.windows.server.security)
Re: Installing Thawte Certificate on imap pop smtp
... I have just received the CA-crt back from thawte. ... I have the webmail portion completed with installing the certificates, but I am having some issues with getting them installed on SMTP. ... (our temporary certificates are now expired and I have to get these installed ASAP) ...
(freebsd-questions)
Re: python certification
... >> money on it (the other guy was only joking). ... > Even if Python is not about certificates, I think it's not the case for ... > Python, they don't know anything about your level. ... (These are the people look for Pearl and Pyhton programmers;) ...
(comp.lang.python)