On 9 Sep 2014 04:00, "Barry Warsaw" <ba...@python.org> wrote:
> >
> >This would need to be updated first, once it *did* take such an argument,
> >this would be accomplished by:
> >
> >context = ssl.create_default_context()
> >context.verify_mode = CERT_OPTIONACERT_NONE
> >context.verify_hostname = False
> >urllib.request.urlopen("
https://something-i-apparently-dont-care-much-about";,
> >context=context)
>
> There's probably an ugly hack possibility that uses unittest.mock.patch.
;)
We could actually make it an "official" hack:
import urllib.request
urllib.request.urlopen = urllib.request._unverified_urlopen
Or else the user can just change the code to call the unverified one
directly.
All we'd have to do is keep the existing version that doesn't validate
certs properly around under the name "_unverified_urlopen".
I like this for a few reasons:
1. It doesn't get much easier than calling function A instead of function B
2. Monkeypatching lets you do a process global hack
3. The name tells you exactly why this is a bad idea
4. It's easy to grep for later after you fix your certs
5. The leading underscore acts as a strong "keep away" signal
6. The leading underscore makes it clear this function may not always be
available (e.g. Jython, older versions of Python)
Cheers,
Nick.
>
> -Barry
> _______________________________________________
> Python-Dev mailing list
> Python-Dev@python.org
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe:
https://mail.python.org/mailman/options/python-dev/ncoghlan%40gmail.com
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
