Message107900
urllib currently blindly accepts bad certificates when passed an https address. This behavior, clearly not desirable for many users, is also not documented. I propose one of two changes:
1) add mechanisms for enforcing correct behavior to urllib, or
2) change the documentation for that module to include something akin to the following warning:
"Warning: urllib does not perform certificate checks if passed an HTTPS url! This permits remote machines to masquerade as your intended destination." |
|
Date |
User |
Action |
Args |
2010-06-16 01:04:38 | debatem1 | set | recipients:
+ debatem1 |
2010-06-16 01:04:37 | debatem1 | set | messageid: <1276650277.98.0.113951617798.issue9003@psf.upfronthosting.co.za> |
2010-06-16 01:04:36 | debatem1 | link | issue9003 messages |
2010-06-16 01:04:35 | debatem1 | create | |
|