Terry Reedy <tjre...@udel.edu> writes: >> Could similar notifications be added to urllib, etc? That's where >> people really get bitten badly by this. > > If you have specific ideas, propose them on the tracker.
urllib is basically a web client and as such it should act like a browser, with a default certificate store. It should refuse to connect to an https host that doesn't have a valid certificate, unless you override the default (supply your own CA store or validation routine). There could be some pre-written override options, such as accept expired certificate, accept certificate named "www.xyz.com" when the actual host is "abc.xyz.com", or that sort of thing. These are code changes, not doc updates. -- http://mail.python.org/mailman/listinfo/python-list
