On Tue, 9 Sep 2014 08:20:52 +1000
Nick Coghlan <ncogh...@gmail.com> wrote:
> On 9 Sep 2014 04:00, "Barry Warsaw" <ba...@python.org> wrote:
> > >
> > >This would need to be updated first, once it *did* take such an argument,
> > >this would be accomplished by:
> > >
> > >context = ssl.create_default_context()
> > >context.verify_mode = CERT_OPTIONACERT_NONE
> > >context.verify_hostname = False
> > >urllib.request.urlopen("
> https://something-i-apparently-dont-care-much-about";,
> > >context=context)
> >
> > There's probably an ugly hack possibility that uses unittest.mock.patch.
> ;)
>
> We could actually make it an "official" hack:
>
> import urllib.request
> urllib.request.urlopen = urllib.request._unverified_urlopen
-1. Instead of disabling cert verification for *one* urlopen() call
site, you're doing it for *every* urlopen call site in the program - or,
even worse, for every urlopen that's imported after the monkey-patching
(which makes the final effect potentially dependent on module import
order, and import style). It may affect third-party libraries that have
their own REST calls, or whatever.
Regards
Antoine.
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
