On 9 Sep 2014 08:20, "Nick Coghlan" <ncogh...@gmail.com> wrote:
>
>
> On 9 Sep 2014 04:00, "Barry Warsaw" <ba...@python.org> wrote:
> > >
> > >This would need to be updated first, once it *did* take such an
argument,
> > >this would be accomplished by:
> > >
> > >context = ssl.create_default_context()
> > >context.verify_mode = CERT_OPTIONACERT_NONE
> > >context.verify_hostname = False
> > >urllib.request.urlopen("
https://something-i-apparently-dont-care-much-about";,
> > >context=context)
> >
> > There's probably an ugly hack possibility that uses
unittest.mock.patch. ;)
>
> We could actually make it an "official" hack:
>
> import urllib.request
> urllib.request.urlopen = urllib.request._unverified_urlopen
Thinking about it a bit more, I suspect httplib would be the right level
for such a hack.
Either way, I actually think a monkeypatching based solution is a
reasonable choice here. You can downgrade back to the old behaviour
selectively (calling the unverified version or monkeypatching the calling
module) or globally (monkeypatching the httplib module)
If folks go "Ewww, I'm going to fix my code or certs instead", that's a
good outcome :)
Cheers,
Nick.
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
