Author debatem1
Recipients debatem1
Date 2010-06-16.01:04:34
SpamBayes Score 0.0787574
Marked as misclassified No
Message-id <1276650277.98.0.113951617798.issue9003@psf.upfronthosting.co.za>
In-reply-to
Content
urllib currently blindly accepts bad certificates when passed an https address. This behavior, clearly not desirable for many users, is also not documented. I propose one of two changes:

1) add mechanisms for enforcing correct behavior to urllib, or
2) change the documentation for that module to include something akin to the following warning:

"Warning: urllib does not perform certificate checks if passed an HTTPS url! This permits remote machines to masquerade as your intended destination."
History
Date User Action Args
2010-06-16 01:04:38debatem1setrecipients: + debatem1
2010-06-16 01:04:37debatem1setmessageid: <1276650277.98.0.113951617798.issue9003@psf.upfronthosting.co.za>
2010-06-16 01:04:36debatem1linkissue9003 messages
2010-06-16 01:04:35debatem1create