iSharkFly-Open
/
python-peps
mirror of https://github.com/python/peps.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

PEP 493: address review comments from Barry

This commit is contained in:
Nick Coghlan 2016-02-24 16:29:59 +10:00
parent 254ad75c22
commit 16fcb881c2
1 changed files with 11 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
pep-0493.txt
View File

@ -118,16 +118,19 @@ versions, the Python version number cannot be used as a reliable means for
detecting them. Instead, they are designed to allow the presence detecting them. Instead, they are designed to allow the presence
or absence of the feature to be determined using the following technique:: or absence of the feature to be determined using the following technique::
python -c "import ssl; ssl._relevant_attribute" python -c "import ssl; ssl.<_relevant_attribute>"
This will fail with `AttributeError` (and hence a non-zero return code) if the This will fail with `AttributeError` (and hence a non-zero return code) if the
relevant capability is not available. relevant capability is not available.
The feature detection attributes defined by this PEP are:
* ``ssl._https_verify_certificates``: runtime configuration API
* ``ssl._https_verify_envvar``: environment based configuration
* ``ssl._cert_verification_config``: file based configuration (PEP 476 opt-in)
The marker attributes are prefixed with an underscore to indicate the The marker attributes are prefixed with an underscore to indicate the
implementation dependent nature of these capabilities - not all Python implementation dependent and security sensitive nature of these capabilities.
distributions will offer them, only those that are providing a multi-stage
migration process from the original Python 2.7 HTTPS handling to the new
default behaviour.
Feature: Configuration API Feature: Configuration API
@ -186,7 +189,7 @@ Feature: environment based configuration
This change is proposed for inclusion in CPython 2.7.12 and later CPython 2.7.x This change is proposed for inclusion in CPython 2.7.12 and later CPython 2.7.x
releases. It consists of a new ``PYTHONHTTPSVERIFY`` environment variable that releases. It consists of a new ``PYTHONHTTPSVERIFY`` environment variable that
allows the default verification to be disabled without modifying the can be set to ``'0'`` to disable the default verification without modifying the
application source code (which may not even be available in cases of application source code (which may not even be available in cases of
bytecode-only application distribution) bytecode-only application distribution)
@ -285,7 +288,7 @@ Feature detection
There's no specific attribute indicating that this situation applies. Rather, There's no specific attribute indicating that this situation applies. Rather,
it is indicated by the ``ssl._https_verify_certificates`` and it is indicated by the ``ssl._https_verify_certificates`` and
``ssl._https_verify_envvar`` attributes being present in a Python version that ``ssl._https_verify_envvar`` attributes being present in a Python version that
is nominally older than Python 2.7.9. is nominally older than Python 2.7.12.
Specification Specification
------------- -------------
@ -501,7 +504,7 @@ turned off installation wide when using this approach is because:
verifying HTTPS certificates by default than that being provided by the verifying HTTPS certificates by default than that being provided by the
upstream project upstream project
* either the redistributor or the local infrastructure administrator has * either the redistributor or the local infrastructure administrator has
determined that it is appropriate to retaing the default pre-2.7.9 behaviour determined that it is appropriate to retain the default pre-2.7.9 behaviour
(at least for the time being) (at least for the time being)
Using an administrator controlled configuration file rather than an environment Using an administrator controlled configuration file rather than an environment