[Python-Dev] Proposed schedule for 3.4.2
Nick Coghlan
ncoghlan at gmail.com
Tue Sep 9 00:35:03 CEST 2014
On 9 Sep 2014 08:20, "Nick Coghlan" <ncoghlan at gmail.com> wrote:
>
>
> On 9 Sep 2014 04:00, "Barry Warsaw" <barry at python.org> wrote:
> > >
> > >This would need to be updated first, once it *did* take such an
argument,
> > >this would be accomplished by:
> > >
> > >context = ssl.create_default_context()
> > >context.verify_mode = CERT_OPTIONACERT_NONE
> > >context.verify_hostname = False
> > >urllib.request.urlopen("
https://something-i-apparently-dont-care-much-about",
> > >context=context)
> >
> > There's probably an ugly hack possibility that uses
unittest.mock.patch. ;)
>
> We could actually make it an "official" hack:
>
> import urllib.request
> urllib.request.urlopen = urllib.request._unverified_urlopen
Thinking about it a bit more, I suspect httplib would be the right level
for such a hack.
Either way, I actually think a monkeypatching based solution is a
reasonable choice here. You can downgrade back to the old behaviour
selectively (calling the unverified version or monkeypatching the calling
module) or globally (monkeypatching the httplib module)
If folks go "Ewww, I'm going to fix my code or certs instead", that's a
good outcome :)
Cheers,
Nick.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20140909/9c8e73c5/attachment.html>
More information about the Python-Dev
mailing list