[Python-Dev] Proposed schedule for 3.4.2
Nick Coghlan
ncoghlan at gmail.com
Tue Sep 9 00:20:52 CEST 2014
On 9 Sep 2014 04:00, "Barry Warsaw" <barry at python.org> wrote:
> >
> >This would need to be updated first, once it *did* take such an argument,
> >this would be accomplished by:
> >
> >context = ssl.create_default_context()
> >context.verify_mode = CERT_OPTIONACERT_NONE
> >context.verify_hostname = False
> >urllib.request.urlopen("
https://something-i-apparently-dont-care-much-about",
> >context=context)
>
> There's probably an ugly hack possibility that uses unittest.mock.patch.
;)
We could actually make it an "official" hack:
import urllib.request
urllib.request.urlopen = urllib.request._unverified_urlopen
Or else the user can just change the code to call the unverified one
directly.
All we'd have to do is keep the existing version that doesn't validate
certs properly around under the name "_unverified_urlopen".
I like this for a few reasons:
1. It doesn't get much easier than calling function A instead of function B
2. Monkeypatching lets you do a process global hack
3. The name tells you exactly why this is a bad idea
4. It's easy to grep for later after you fix your certs
5. The leading underscore acts as a strong "keep away" signal
6. The leading underscore makes it clear this function may not always be
available (e.g. Jython, older versions of Python)
Cheers,
Nick.
>
> -Barry
> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe:
https://mail.python.org/mailman/options/python-dev/ncoghlan%40gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20140909/01b798a1/attachment.html>
More information about the Python-Dev
mailing list