diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
--- a/Lib/test/test_urllib.py
+++ b/Lib/test/test_urllib.py
@@ -23,7 +23,7 @@
         class FakeSocket(StringIO.StringIO):
 
             def sendall(self, str):
-                pass
+                FakeHTTPConnection.request += str
             def makefile(self, *args, **kwds):
                 return self
 
@@ -38,6 +38,8 @@
                 return StringIO.StringIO.readline(self, length)
 
         class FakeHTTPConnection(httplib.HTTPConnection):
+            request = ""
+
             def connect(self):
                 self.sock = FakeSocket(fakedata)
         assert httplib.HTTP._connection_class == httplib.HTTPConnection
@@ -209,6 +211,39 @@
         finally:
             self.unfakehttp()
 
+    def test_userpass_inurl(self):
+        self.fakehttp('Hello!')
+        try:
+            fakehttp_wrapper = httplib.HTTP._connection_class
+            fp = urllib.urlopen("http://user:pass@python.org/")
+            authorization = "Authorization: Basic dXNlcjpwYXNz\r\n"
+            # The authorization header must be in place
+            self.assertTrue(authorization in fakehttp_wrapper.request)
+            self.assertEqual(fp.readline(), "Hello!")
+            self.assertEqual(fp.readline(), "")
+            self.assertEqual(fp.geturl(), 'http://user:pass@python.org/')
+            self.assertEqual(fp.getcode(), 200)
+        finally:
+            self.unfakehttp()
+
+    def test_userpass_w_spaces_inurl(self):
+        self.fakehttp('Hello!')
+        try:
+            url = "http://a b:c d@python.org/"
+            fakehttp_wrapper = httplib.HTTP._connection_class
+            authorization = "Authorization: Basic YSBiOmMgZA==\r\n"
+            fp = urllib.urlopen(url)
+            # The authorization header must be in place
+            self.assertTrue(authorization in fakehttp_wrapper.request)
+            self.assertEqual(fp.readline(), "Hello!")
+            self.assertEqual(fp.readline(), "")
+            # the spaces are quoted in URL so no match
+            #self.assertEqual(fp.geturl(), url)
+            self.assertEqual(fp.getcode(), 200)
+        finally:
+            self.unfakehttp()
+
+
 class urlretrieve_FileTests(unittest.TestCase):
     """Test urllib.urlretrieve() on local files"""
 
@@ -716,6 +751,9 @@
         self.assertEqual(('user', 'a\fb'),urllib.splitpasswd('user:a\fb'))
         self.assertEqual(('user', 'a\vb'),urllib.splitpasswd('user:a\vb'))
         self.assertEqual(('user', 'a:b'),urllib.splitpasswd('user:a:b'))
+        self.assertEqual(('user', 'a b'),urllib.splitpasswd('user:a b'))
+        self.assertEqual(('user 2', 'ab'),urllib.splitpasswd('user 2:ab'))
+        self.assertEqual(('user+1', 'a+b'),urllib.splitpasswd('user+1:a+b'))
 
 
 class URLopener_Tests(unittest.TestCase):
diff --git a/Lib/urllib.py b/Lib/urllib.py
--- a/Lib/urllib.py
+++ b/Lib/urllib.py
@@ -325,7 +325,7 @@
 
         if user_passwd:
             import base64
-            auth = base64.b64encode(user_passwd).strip()
+            auth = base64.b64encode(unquote(user_passwd)).strip()
         else:
             auth = None
         h = httplib.HTTP(host)