diff -r f80d5faa60ee Lib/ssl.py
--- a/Lib/ssl.py	Fri Apr 03 11:09:08 2015 +0200
+++ b/Lib/ssl.py	Fri Apr 03 12:33:49 2015 +0200
@@ -511,8 +511,27 @@
 
     return context
 
+
+def _get_verify_status(protocol, conf='/etc/python/cert-verification.conf'):
+    def inner():
+        default_context = {
+            'platform_default': create_default_context,
+            'enable': create_default_context,
+            'disable': _create_unverified_context
+        }
+        import configparser
+        try:
+            config = configparser.RawConfigParser()
+            config.read(conf)
+            status = config.get(protocol, 'verify')
+        except ConfigParser.NoSectionError:
+            status = 'enable'
+        return default_context.get(status, create_default_context)()
+    return inner
+
+
 # Used by http.client if no context is explicitly passed.
-_create_default_https_context = create_default_context
+_create_default_https_context = _get_verify_status('https')
 
 
 # Backwards compatibility alias, even though it's not a public name.