iSharkFly-Open
/
python-peps
mirror of https://github.com/python/peps.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

PEP 493: address review comments from Barry

This commit is contained in:
Nick Coghlan 2016-02-24 16:29:59 +10:00
parent 254ad75c22
commit 16fcb881c2
1 changed files with 11 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
pep-0493.txt
View File

@ -118,16 +118,19 @@ versions, the Python version number cannot be used as a reliable means for
detecting them. Instead, they are designed to allow the presence
or absence of the feature to be determined using the following technique::
python -c "import ssl; ssl._relevant_attribute"
python -c "import ssl; ssl.<_relevant_attribute>"
This will fail with `AttributeError` (and hence a non-zero return code) if the
relevant capability is not available.
The feature detection attributes defined by this PEP are:
* ``ssl._https_verify_certificates``: runtime configuration API
* ``ssl._https_verify_envvar``: environment based configuration
* ``ssl._cert_verification_config``: file based configuration (PEP 476 opt-in)
The marker attributes are prefixed with an underscore to indicate the
implementation dependent nature of these capabilities - not all Python
distributions will offer them, only those that are providing a multi-stage
migration process from the original Python 2.7 HTTPS handling to the new
default behaviour.
implementation dependent and security sensitive nature of these capabilities.
Feature: Configuration API
@ -186,7 +189,7 @@ Feature: environment based configuration
This change is proposed for inclusion in CPython 2.7.12 and later CPython 2.7.x
releases. It consists of a new ``PYTHONHTTPSVERIFY`` environment variable that
allows the default verification to be disabled without modifying the
can be set to ``'0'`` to disable the default verification without modifying the
application source code (which may not even be available in cases of
bytecode-only application distribution)
@ -285,7 +288,7 @@ Feature detection
There's no specific attribute indicating that this situation applies. Rather,
it is indicated by the ``ssl._https_verify_certificates`` and
``ssl._https_verify_envvar`` attributes being present in a Python version that
is nominally older than Python 2.7.9.
is nominally older than Python 2.7.12.
Specification
-------------
@ -501,7 +504,7 @@ turned off installation wide when using this approach is because:
verifying HTTPS certificates by default than that being provided by the
upstream project
* either the redistributor or the local infrastructure administrator has
determined that it is appropriate to retaing the default pre-2.7.9 behaviour
determined that it is appropriate to retain the default pre-2.7.9 behaviour
(at least for the time being)
Using an administrator controlled configuration file rather than an environment