New submission from Nick Coghlan:
Attached minimal patch updates http.client.HTTPSConnection to validate certs by
default and adjusts test.test_httplib accordingly.
It doesn't currently include any docs changes, or changes to urllib.
The process wide "revert to the old behaviour" hook is to monkeypatch the ssl
module:
ssl._create_default_https_context = ssl._create_unverified_context
To monkeypatch the stdlib to validate *everything* (this one isn't new, just
noting it for the record):
ssl._create_stdlib_context = ssl.create_default_context
----------
files: pep476_minimal_implementation.diff
keywords: patch
messages: 226912
nosy: alex, larry, ncoghlan
priority: high
severity: normal
status: open
title: PEP 476: verify HTTPS certificates by default
type: enhancement
Added file: http://bugs.python.org/file36624/pep476_minimal_implementation.diff
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue22417>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
