[Python-Dev] Proposed schedule for 3.4.2

Antoine Pitrou solipsis at pitrou.net
Thu Sep 11 20:39:50 CEST 2014


On Tue, 9 Sep 2014 08:20:52 +1000
Nick Coghlan <ncoghlan at gmail.com> wrote:
> On 9 Sep 2014 04:00, "Barry Warsaw" <barry at python.org> wrote:
> > >
> > >This would need to be updated first, once it *did* take such an argument,
> > >this would be accomplished by:
> > >
> > >context = ssl.create_default_context()
> > >context.check_hostname = False
> > >context.verify_mode = ssl.CERT_NONE
> > >urllib.request.urlopen("https://something-i-apparently-dont-care-much-about",
> > >                       context=context)
> >
> > There's probably an ugly hack possibility that uses unittest.mock.patch. ;)
> 
> We could actually make it an "official" hack:
> 
>     import urllib.request
>     urllib.request.urlopen = urllib.request._unverified_urlopen

-1. Instead of disabling cert verification for *one* urlopen() call
site, you're doing it for *every* urlopen call site in the program - or,
even worse, for every urlopen that's imported after the monkey-patching
(which makes the final effect potentially dependent on module import
order, and import style). It may affect third-party libraries that have
their own REST calls, or whatever.

Regards

Antoine.
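
An added illustration of the import-order and import-style dependence described in the message above (not code from the thread or from CPython). `_unverified_urlopen` is a constructed stand-in that opens no connection, and the two "library" sources are constructed to differ only in how they import `urlopen`.

```python
import types
import urllib.request

def _unverified_urlopen(url, *args, **kwargs):
    # Constructed stand-in for the proposed hook; only its identity matters here.
    raise RuntimeError("stand-in, never called")

# Constructed "third-party" modules that differ only in import style.
FROM_IMPORT = (
    "from urllib.request import urlopen\n"
    "def target():\n"
    "    return urlopen\n"
)
ATTR_ACCESS = (
    "import urllib.request\n"
    "def target():\n"
    "    return urllib.request.urlopen\n"
)

def load(name, source):
    """Execute constructed source as a fresh module, as an import would."""
    module = types.ModuleType(name)
    exec(source, module.__dict__)
    return module

def audit_call_sites():
    """Map each call site to the urlopen it resolves to once the patch is in."""
    original = urllib.request.urlopen
    try:
        sites = {
            "from-import, imported before patch": load("a", FROM_IMPORT),
            "attribute access, imported before patch": load("b", ATTR_ACCESS),
        }
        urllib.request.urlopen = _unverified_urlopen  # the global monkey-patch
        sites["from-import, imported after patch"] = load("c", FROM_IMPORT)
        return {
            label: "verified" if module.target() is original else "unverified"
            for label, module in sites.items()
        }
    finally:
        urllib.request.urlopen = original  # undo the patch for this process

def urlopen_is_patched():
    """Heuristic: the stdlib function reports urllib.request as its module."""
    return urllib.request.urlopen.__module__ != "urllib.request"

if __name__ == "__main__":
    for label, result in audit_call_sites().items():
        print(f"{label}: {result}")
```

Only the module that bound `urlopen` by name before the patch keeps the verifying function; every other call site silently resolves to the unverified one.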



