-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
if verify=False needed? #5
Comments
Hi! The readme says
The reason is that certificate verification will NOT match the originating hostname (because it's a hacked IP). As for |
hi, I did read the readme. What puzzles me is that if I change the resolution in /etc/hosts that's a way to get a hacked IP, but in that situation, I can have a correct ssl connection with validation and so on. So I personally don't understand what's different here. I know nothing of how SNI is implemented though. I'd say that no matter how you get the IP (from /etc/hosts or from --force-ip) the rest seems pretty much the same to me. The idea that certification would be pointless is far from objective. Eg: I like to verify that a setup works before publishing it, that I thought was the use case at the base of this adapter. As far as the last point, I had errors, and reading requests' documentation:
so I interpreted as routing mecanism: when this route is used, this adapter is to be used. |
Hi, In the situation for which I wrote this, I have no control over /etc/hosts, so that solution didn't work for me. The point of this adapter is actually to skip errors due to mismatched hostname/certificate (I have other checks for certificate validity), this is why in this context I don't care about validating the certificate itself. |
BTW: in your example you use |
Hi,
I have not been able to use this adapter, maybe I just misunderstood the goal, maybe I misused it...
I wanted to use it to test a configuration before the dns is property set in the situation I have proper certificate in place: the same test I would obtain cheating with resolution in /etc/hosts. In this frame I need that verification of th ssl chain is done! that's part of what I want to test.
In your example, you explicitly set it to False. Do I misunderstand what is this adapter intended to do or is impossible to achieve?
Moreover, in the example you write
session.get('/some/path', ...)
it seems to me that you need to put there an address, while thepath
, seems to refer toparsed_url.path
The text was updated successfully, but these errors were encountered: