[issue9003] urllib.request and http.client should allow certificate checking
Roundup Robot added the comment: New changeset 1882157b298a by Benjamin Peterson in branch '2.7': allow passing cert/ssl information to urllib2.urlopen and httplib.HTTPSConnection https://hg.python.org/cpython/rev/1882157b298a -- nosy: +python-dev ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue9003 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9003] urllib.request and http.client should allow certificate checking
Antoine Pitrou pit...@free.fr added the comment: Patch committed in r85408. I believe this fixes, at last, the whole issue people were complaining about. -- resolution: - fixed stage: patch review - committed/rejected status: open - closed versions: -Python 3.3 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue9003 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9003] urllib.request and http.client should allow certificate checking
Changes by Antoine Pitrou pit...@free.fr: Removed file: http://bugs.python.org/file19189/unnamed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue9003 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9003] urllib.request and http.client should allow certificate checking
Antoine Pitrou pit...@free.fr added the comment: Here is a patch which also adds 'cafile' and 'capath' keyword arguments to urlopen(). -- stage: needs patch - patch review Added file: http://bugs.python.org/file19185/httpcli+urllib.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue9003 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9003] urllib.request and http.client should allow certificate checking
Antoine Pitrou pit...@free.fr added the comment: Here is a new patch with doc updates for urllib.request. -- Added file: http://bugs.python.org/file19186/httpcli+urllib2.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue9003 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9003] urllib.request and http.client should allow certificate checking
Antoine Pitrou pit...@free.fr added the comment: This patch should fix the test hanging issues witnessed on some machines. -- Added file: http://bugs.python.org/file19187/httpcli+urllib3.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue9003 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9003] urllib.request and http.client should allow certificate checking
Senthil Kumaran orsent...@gmail.com added the comment: Yes, it does solve the problem of httplib and urllib2_localnet tests which were hanging with the earlier patch on certain machines.. -- Added file: http://bugs.python.org/file19189/unnamed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue9003 ___Yes, it does solve the problem of httplib and urllib2_localnet tests which were hanging with the earlier patch on certain machines..divbr /div ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9003] urllib.request and http.client should allow certificate checking
Antoine Pitrou pit...@free.fr added the comment: Here is another patch for http.client containing more tests, including with a mismatching cert. Comments welcome. -- Added file: http://bugs.python.org/file19178/httpcli2.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue9003 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9003] urllib.request and http.client should allow certificate checking
geremy condra debat...@gmail.com added the comment: Any chance on folding the HTTPSServer class into http.server? Geremy Condra -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue9003 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9003] urllib.request and http.client should allow certificate checking
Antoine Pitrou pit...@free.fr added the comment: Any chance on folding the HTTPSServer class into http.server? Its API and implementation would first have to be cleaned up. I'd prefer if it were the subject of a separate issue. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue9003 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9003] urllib.request and http.client should allow certificate checking
Antoine Pitrou pit...@free.fr added the comment: Here is the API addition I would suggest for the http.client module: Add two new keyword arguments `context` and `check_hostname` to HTTPSConnection; `context` would allow to pass a SSLContext instance for certificate checking and other options (default None, meaning no checking); `check_hostname` would specify whether to check the hostname against the URL (default to check only if context is present and context.verify_mode != CERT_NONE). Here is the API addition I would suggest for the urllib.request module: - Add constructor arguments `context` and `check_hostname` to HTTPSHandler. They will be passed to the underlying HTTPSConnection. - Add `ssl_ca_file` and `ssl_ca_path` arguments to the high-level function urlopen(); if at least one of them is present, a custom opener with a custom HTTPSHandler will be created, mandating the checking of server certificates -- resolution: accepted - ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue9003 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9003] urllib.request and http.client should allow certificate checking
Antoine Pitrou pit...@free.fr added the comment: Here is a preliminary patch for http.client. I think it would be good to have local tests using a custom HTTPS server, too. -- keywords: +patch Added file: http://bugs.python.org/file19162/httpcli.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue9003 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9003] urllib.request and http.client should allow certificate checking
Antoine Pitrou pit...@free.fr added the comment: A big warning is now present (*) in the urllib and httplib documentation pages. Also, once issue1589 is fixed, we can go forward and make {http.client,urllib.request} check hostname and cert if the user gives the location of a bunch of CA certs. (*) see e.g. http://docs.python.org/dev/library/urllib.request.html -- dependencies: +New SSL module doesn't seem to verify hostname against commonName in certificate nosy: +Ryan.Tucker, ahasenack, db, devin, heikki, janssen, kiilerix, vila, zooko stage: - needs patch title: urllib about https behavior - urllib.request and http.client should allow certificate checking type: - feature request versions: +Python 3.2, Python 3.3 -Python 3.1 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue9003 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com