[New-bugs-announce] [issue22417] PEP 476: verify HTTPS certificates by default
Nick Coghlan
report at bugs.python.org
Mon Sep 15 14:34:29 CEST 2014
New submission from Nick Coghlan:
Attached minimal patch updates http.client.HTTPSConnection to validate certs by default and adjusts test.test_httplib accordingly.
It doesn't currently include any docs changes, or changes to urllib.
The process wide "revert to the old behaviour" hook is to monkeypatch the ssl module:
ssl._create_default_https_context = ssl._create_unverified_context
To monkeypatch the stdlib to validate *everything* (this one isn't new, just noting it for the record):
ssl._create_stdlib_context = ssl.create_default_context
----------
files: pep476_minimal_implementation.diff
keywords: patch
messages: 226912
nosy: alex, larry, ncoghlan
priority: high
severity: normal
status: open
title: PEP 476: verify HTTPS certificates by default
type: enhancement
Added file: http://bugs.python.org/file36624/pep476_minimal_implementation.diff
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue22417>
_______________________________________
More information about the New-bugs-announce
mailing list