Hacker News new | past | comments | ask | show | jobs | submit login

Why working so hard, when M2Crypto [1] will do everything for you [2] ?

If you're doing anything serious with Python and SSL, you're going to use M2Crypto - period. Because when it comes to security, the less you "roll your own", the better.

[1] http://chandlerproject.org/Projects/MeTooCrypto

[2] http://svn.osafoundation.org/m2crypto/trunk/demo/x509/certda...




Sadly, that M2Crypto script doesn't check for certificates which are not trusted for issuing SSL server certs. So whilst it happens to skip a few, it will include over a dozen inappropriate certs in the final output!!

This is exactly the problem that https://github.com/agl/extract-nss-root-certs was written to solve. I'd strongly recommend using it.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: