Merge pull request #26 from twisted/24.certificate.verification

Default to enabling hostname verification.

txaws/service.py

@@ -2,6 +2,8 @@
 # Copyright (C) 2009 Robert Collins <robertc@robertcollins.net>
 # Licenced under the txaws licence available at /LICENSE in the txaws source.
 
+import warnings
+
 from txaws.credentials import AWSCredentials
 from txaws import regions
 from txaws.util import parse
@@ -42,12 +44,16 @@ class AWSServiceEndpoint(object):
         will be done when connecting to the endpoint.
     """
 
-    def __init__(self, uri="", method="GET", ssl_hostname_verification=False):
+    def __init__(self, uri="", method="GET", ssl_hostname_verification=True):
         self.host = ""
         self.port = None
         self.path = "/"
         self.method = method
         self.ssl_hostname_verification = ssl_hostname_verification
+        if not self.ssl_hostname_verification:
+            warnings.warn(
+                "Operating with certificate verification disabled!", stacklevel=2,
+            )
         self._parse_uri(uri)
         if not self.scheme:
             self.scheme = "http"

txaws/tests/test_service.py

@@ -21,6 +21,18 @@ class AWSServiceEndpointTestCase(TXAWSTestCase):
     def setUp(self):
         self.endpoint = AWSServiceEndpoint(uri="http://my.service/da_endpoint")
 
+    def test_warning_when_verification_disabled(self):
+        """
+        L{AWSServiceEndpoint} emits a warning when told not to perform
+        certificate verification.
+        """
+        self.assertWarns(
+            UserWarning,
+            "Operating with certificate verification disabled!",
+            __file__,
+            lambda: AWSServiceEndpoint(ssl_hostname_verification=False),
+        )
+
     def test_simple_creation(self):
         endpoint = AWSServiceEndpoint()
         self.assertEquals(endpoint.scheme, "http")