--- urllib/request.py.orig 2015-07-02 16:14:45.845985526 -0400 +++ urllib/request.py 2015-07-02 19:26:27.873423413 -0400 @@ -138,6 +138,13 @@ def urlopen(url, data=None, timeout=socket._GLOBAL_DEFAULT_TIMEOUT, *, cafile=None, capath=None, cadefault=False, context=None): global _opener + + if url is None: + raise ValueError('URL must be string or instance of Request()') + + _type = isinstance(url, Request) and url.type or url[:5] + add_https_handler = _type.lower() == 'https' + if cafile or capath or cadefault: if context is not None: raise ValueError( @@ -149,16 +156,20 @@ context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile, capath=capath) + if not context and add_https_handler: + context = ssl.create_default_context() + + if context: https_handler = HTTPSHandler(context=context) - opener = build_opener(https_handler) - elif context: - https_handler = HTTPSHandler(context=context) - opener = build_opener(https_handler) - elif _opener is None: - _opener = opener = build_opener() - else: - opener = _opener - return opener.open(url, data, timeout) + if _opener: + _opener.add_handler(https_handler) + else: + _opener = build_opener(https_handler) + + if _opener is None: + _opener = build_opener() + + return _opener.open(url, data, timeout) def install_opener(opener): global _opener @@ -524,8 +535,12 @@ HTTPDefaultErrorHandler, HTTPRedirectHandler, FTPHandler, FileHandler, HTTPErrorProcessor, DataHandler] - if hasattr(http.client, "HTTPSConnection"): - default_classes.append(HTTPSHandler) + + # don't add a default HTTPSHandler, it breaks things when SSL certificates don't verify + # with a default context + #if hasattr(http.client, "HTTPSConnection"): + # default_classes.append(HTTPSHandler) + skip = set() for klass in default_classes: for check in handlers: