DendroPy icon indicating copy to clipboard operation
DendroPy copied to clipboard

Published 20 hours ago verified publisher icon jeetsukumaran

Re-enable secure SSL in setup.py

Open kislyuk opened this issue 3 years ago • 2 comments

Hi, I noticed that DendroPy disables SSL certificate verification globally in setup.py:

import ssl
if hasattr(ssl, '_create_unverified_context'):
    ssl._create_default_https_context = ssl._create_unverified_context

It seems this workaround should no longer be necessary. Can it be removed to avoid any doubts about security at install time?

kislyuk avatar Apr 03 '21 22:04 kislyuk

No longer necessary universally, or no longer necessary for particular/latest versions of Python, OS, etc.?

jeetsukumaran avatar Apr 03 '21 22:04 jeetsukumaran

Disabling SSL security is not necessary in any supported configuration of Python or its host OS that I'm aware of.

kislyuk avatar Apr 03 '21 22:04 kislyuk