Tag
certificate-verification
Safeguard articles tagged "certificate-verification" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Application Security
How to actually implement TLS correctly in Python
One `verify=False` in a requests call disables both certificate and hostname checks — the same escape hatch PEP 476 tried to close in 2014.
Jul 12, 20265 min read
Vulnerability Analysis
urllib3 CA certificate verification bypass (CVE-2019-11324)
CVE-2019-11324 let urllib3 silently trust unintended CAs during custom certificate validation, undermining pinned-trust and mTLS setups.
Dec 31, 20257 min read