[Python-Dev] Proposed schedule for 3.4.2

Donald Stufft donald at stufft.io
Tue Sep 9 00:30:35 CEST 2014 

> On Sep 8, 2014, at 6:20 PM, Nick Coghlan <ncoghlan at gmail.com> wrote:
> 
> 
> On 9 Sep 2014 04:00, "Barry Warsaw" <barry at python.org <mailto:barry at python.org>> wrote:
> > >
> > >This would need to be updated first, once it *did* take such an argument,
> > >this would be accomplished by:
> > >
> > >context = ssl.create_default_context()
> > >context.verify_mode = CERT_OPTIONACERT_NONE
> > >context.verify_hostname = False
> > >urllib.request.urlopen("https://something-i-apparently-dont-care-much-about <https://something-i-apparently-dont-care-much-about/>",
> > >context=context)
> >
> > There's probably an ugly hack possibility that uses unittest.mock.patch. ;)
> 
> We could actually make it an "official" hack:
> 
>     import urllib.request
>     urllib.request.urlopen = urllib.request._unverified_urlopen
> 
> Or else the user can just change the code to call the unverified one directly.
> 
> All we'd have to do is keep the existing version that doesn't validate certs properly around under the name "_unverified_urlopen".
> 
> I like this for a few reasons:
> 
> 1. It doesn't get much easier than calling function A instead of function B
> 2. Monkeypatching lets you do a process global hack 
> 3. The name tells you exactly why this is a bad idea
> 4. It's easy to grep for later after you fix your certs
> 5. The leading underscore acts as a strong "keep away" signal
> 6. The leading underscore makes it clear this function may not always be available (e.g. Jython, older versions of Python)
> 
> 

If someone wants to do this, can’t they write their own 6 line function? 

import ssl
import urllib.request
_real_urlopen = urllib.request.urlopen
def _unverified(*args, **kwargs):
    if not kwargs.keys() & {“context”, “cafile”, “capath”, “cadefault”}:
        ctx = ssl.create_default_context()
        ctx.verify_mode = CERT_NONE
        ctx.verify_hostname = False
        kwargs[“context”] = ctx
    return _real_urlopen(*args, **kwargs)

---
Donald Stufft
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20140908/9d61e173/attachment-0001.html>

More information about the Python-Dev mailing list