Message 107900 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	debatem1
Recipients	debatem1
Date	2010-06-16.01:04:34
SpamBayes Score	0.07875739
Marked as misclassified	No
Message-id	<1276650277.98.0.113951617798.issue9003@psf.upfronthosting.co.za>
In-reply-to

Content
urllib currently blindly accepts bad certificates when passed an https address. This behavior, clearly not desirable for many users, is also not documented. I propose one of two changes: 1) add mechanisms for enforcing correct behavior to urllib, or 2) change the documentation for that module to include something akin to the following warning: "Warning: urllib does not perform certificate checks if passed an HTTPS url! This permits remote machines to masquerade as your intended destination."

urllib currently blindly accepts bad certificates when passed an https address. This behavior, clearly not desirable for many users, is also not documented. I propose one of two changes:

1) add mechanisms for enforcing correct behavior to urllib, or
2) change the documentation for that module to include something akin to the following warning:

"Warning: urllib does not perform certificate checks if passed an HTTPS url! This permits remote machines to masquerade as your intended destination."

History
Date	User	Action	Args
2010-06-16 01:04:38	debatem1	set	recipients: + debatem1
2010-06-16 01:04:37	debatem1	set	messageid: <1276650277.98.0.113951617798.issue9003@psf.upfronthosting.co.za>
2010-06-16 01:04:36	debatem1	link	issue9003 messages
2010-06-16 01:04:35	debatem1	create