Default to enabling hostname verification. #25
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Release 0.2.3-based fix for #24
The 0.2.3 release doesn't have any of our CI configuration and has various incompatibilities with the most recent release of Twisted (at least, in the test suite). This makes it difficult to get a clean test run, let alone something public I can point at to demonstrate this is working.
The complexities of certificate verification and the sub-optimal interface to controlling this behavior (from txAWS's simple True/False to Twisted's old-style TLS context factories with few features and fewer nice knobs) make automated testing of the change challenging. Further, since most of this code should be deleted and replaced with modern Twisted TLS context factory-using code, I'm not much inclined to spend a lot of effort making the code testable and then testing it automatically.
I have verified the consequences of this change against
get_page
. See the description for the issue linked above.