[issue14780] SSL should use OpenSSL-defined default certificate store if ca_certs parameter is omitted
James Oakley
report at bugs.python.org
Fri May 11 20:06:26 CEST 2012
James Oakley <jfunk at funktronics.ca> added the comment:
Something like this perhaps?
--- a/Lib/urllib/request.py Fri May 11 13:11:02 2012 -0400
+++ b/Lib/urllib/request.py Fri May 11 11:03:02 2012 -0700
@@ -135,16 +135,19 @@
_opener = None
def urlopen(url, data=None, timeout=socket._GLOBAL_DEFAULT_TIMEOUT,
- *, cafile=None, capath=None):
+ *, cafile=None, capath=None, cadefault=True):
global _opener
if cafile or capath:
if not _have_ssl:
raise ValueError('SSL support not available')
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
context.options |= ssl.OP_NO_SSLv2
- if cafile or capath:
+ if cafile or capath or cadefault:
context.verify_mode = ssl.CERT_REQUIRED
- context.load_verify_locations(cafile, capath)
+ if cafile or capath:
+ context.load_verify_locations(cafile, capath)
+ else:
+ context.load_default_verify_locations()
check_hostname = True
else:
check_hostname = False
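Review bot: The new `cadefault` path looks unreachable, because the outer guard `if cafile or capath:` near the top of the hunk is left unchanged (nesting is inferred, since this page has lost the indentation). Inside that guard the inner test `if cafile or capath or cadefault:` is always true and the new `else:` never runs, so a plain `urlopen(url)` would still build no verifying context and skip certificate and hostname checks. The outer guard should read `if cafile or capath or cadefault:`. Separately, `ssl.SSLContext` has no `load_default_verify_locations()` method; the call that points a context at OpenSSL's default store is `context.set_default_verify_paths()`. The body of `urlopen` continues past the end of the hunk.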
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue14780>
_______________________________________