This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: urllib.requests.urlopen: deprecate cafile=None, capath=None, cadefault=False
Type: enhancement Stage: needs patch
Components: Library (Lib) Versions: Python 3.10
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: christian.heimes, gregory.p.smith, orsenthil, potomak
Priority: normal Keywords:

Created on 2019-07-23 23:54 by gregory.p.smith, last changed 2022-04-11 14:59 by admin.

Messages (4)
msg348359 - (view) Author: Gregory P. Smith (gregory.p.smith) * (Python committer) Date: 2019-07-23 23:54
The underlying API supports cafile, capath and cadata.

urlopen() only offers up cafile and capath.  It should also support cadata for completeness.

This matters for applications that embed their root certificate pem as data.  Requiring the user to write that to a file or ship that as a file just so the library can read it rather than passing it in as a string is gross.

Lets add cadata support to urlopen().
msg348362 - (view) Author: Gregory P. Smith (gregory.p.smith) * (Python committer) Date: 2019-07-24 03:23
Probably nevermind on implementing this:

  ssl_context = ssl.create_default_context(cadata=...)
  urllib.request.urlopen(..., context=ssl_context)

Works fine.  It might be worth a note in the urlopen() docs if anything.
msg348373 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2019-07-24 06:37
Yes, that's my favorite solution.

Actually I would like to deprecate and remove all TLS/SSL related arguments in favor of a single context/ssl_context argument.
msg348378 - (view) Author: Senthil Kumaran (orsenthil) * (Python committer) Date: 2019-07-24 10:45
Suggesting the use of context and deprecating `cafile=None, capath=None, cadefault=False` sounds like a good idea.
Date User Action Args
2022-04-11 14:59:18adminsetgithub: 81847
2021-04-19 20:01:01christian.heimessetassignee: christian.heimes ->
title: urllib.requests.urlopen doesn't support cadata= -> urllib.requests.urlopen: deprecate cafile=None, capath=None, cadefault=False
components: - SSL
versions: + Python 3.10, - Python 3.8, Python 3.9
2019-07-29 02:29:50potomaksetnosy: + potomak
2019-07-24 10:45:58orsenthilsetmessages: + msg348378
2019-07-24 06:37:49xtreaksetnosy: + orsenthil
2019-07-24 06:37:11christian.heimessetmessages: + msg348373
2019-07-24 03:23:46gregory.p.smithsetmessages: + msg348362
2019-07-23 23:54:18gregory.p.smithcreate