-
-
Notifications
You must be signed in to change notification settings - Fork 30.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
urllib.request and http.client should allow certificate checking #53249
Comments
urllib currently blindly accepts bad certificates when passed an https address. This behavior, clearly not desirable for many users, is also not documented. I propose one of two changes:
"Warning: urllib does not perform certificate checks if passed an HTTPS url! This permits remote machines to masquerade as your intended destination." |
A big warning is now present (*) in the urllib and httplib documentation pages. Also, once bpo-1589 is fixed, we can go forward and make {http.client,urllib.request} check hostname and cert if the user gives the location of a bunch of CA certs. (*) see e.g. http://docs.python.org/dev/library/urllib.request.html |
Here is the API addition I would suggest for the http.client module: Add two new keyword arguments Here is the API addition I would suggest for the urllib.request module:
|
Here is a preliminary patch for http.client. I think it would be good to have local tests using a custom HTTPS server, too. |
Here is another patch for http.client containing more tests, including with a mismatching cert. Comments welcome. |
Any chance on folding the HTTPSServer class into http.server? Geremy Condra |
Its API and implementation would first have to be cleaned up. |
Here is a patch which also adds 'cafile' and 'capath' keyword arguments to urlopen(). |
Here is a new patch with doc updates for urllib.request. |
This patch should fix the test hanging issues witnessed on some machines. |
Yes, it does solve the problem of httplib and urllib2_localnet tests which |
Patch committed in r85408. I believe this fixes, at last, the whole issue people were complaining about. |
New changeset 1882157b298a by Benjamin Peterson in branch '2.7': |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: