[issue9983] please add a large NOTE explaining that urllib does not perform any ssl validation
Antoine Pitrou
report at bugs.python.org
Wed Sep 29 15:11:56 CEST 2010
Antoine Pitrou <pitrou at free.fr> added the comment:
> @pitrou you should also put an example of how to ACTUALLY establish a
> connection that can't be MITMed. Because lots of people are getting
> this wrong....
It would require writing the code for checking hostnames that the ssl
module currently lacks, so if I write that code I'd rather add it to the
ssl module rather than as an example in the docs :)
But, yes, I agree that the situation is quite unsatisfying right now.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue9983>
_______________________________________
More information about the Python-bugs-list
mailing list