[issue9003] urllib about https behavior

geremy condra report at bugs.python.org
Wed Jun 16 03:04:38 CEST 2010

New submission from geremy condra <debatem1 at gmail.com>:

urllib currently blindly accepts bad certificates when passed an https address. This behavior, clearly not desirable for many users, is also not documented. I propose one of two changes:

1) add mechanisms for enforcing correct behavior to urllib, or
2) change the documentation for that module to include something akin to the following warning:

"Warning: urllib does not perform certificate checks if passed an HTTPS url! This permits remote machines to masquerade as your intended destination."

components: Library (Lib)
messages: 107900
nosy: debatem1
priority: normal
severity: normal
status: open
title: urllib about https behavior
versions: Python 3.1

Python tracker <report at bugs.python.org>

More information about the Python-bugs-list mailing list