Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(160301)

Side by Side Diff: Doc/whatsnew/3.5.rst

Issue 22417: PEP 476: verify HTTPS certificates by default
Patch Set: Created 5 years, 1 month ago
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Doc/library/urllib.request.rst ('k') | Lib/http/client.py » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 **************************** 1 ****************************
2 What's New In Python 3.5 2 What's New In Python 3.5
3 **************************** 3 ****************************
4 4
5 :Release: |release| 5 :Release: |release|
6 :Date: |today| 6 :Date: |today|
7 7
8 .. Rules for maintenance: 8 .. Rules for maintenance:
9 9
10 * Anyone can add text to this document. Do not spend very much time 10 * Anyone can add text to this document. Do not spend very much time
(...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after
89 * None yet. 89 * None yet.
90 90
91 Security improvements: 91 Security improvements:
92 92
93 * None yet. 93 * None yet.
94 94
95 Please read on for a comprehensive list of user-facing changes. 95 Please read on for a comprehensive list of user-facing changes.
96 96
97 97
98 .. PEP-sized items next. 98 .. PEP-sized items next.
99
100 .. _pep-476:
101
102 PEP 476: Enabling certificate verification by default for stdlib http clients
103 =============================================================================
104
105 :mod:`http.client` and modules which use it, such as :mod:`urllib.request` and
106 :mod:`xmlrpc.client`, will now verify that the server presents a certificate
107 which is signed by a CA in the platform trust store and whose hostname matches
108 the hostname being requested by default, significantly improving security for
109 many applications.
110
111 For applications which require the old previous behavior, they can pass an
112 alternate context::
113
114 import urllib.request
115 import ssl
116
117 # This disables all verification
118 context = ssl._create_unverified_context()
119
120 # This allows using a specific certificate for the host, which doesn't need
121 # to be in the trust store
122 context = ssl.create_default_context(cafile="/path/to/file.crt")
123
124 urllib.request.urlopen("https://invalid-cert", context=context)
125
99 126
100 .. _pep-4XX: 127 .. _pep-4XX:
101 128
102 .. PEP 4XX: Virtual Environments 129 .. PEP 4XX: Virtual Environments
103 .. ============================= 130 .. =============================
104 131
105 132
106 .. (Implemented by Foo Bar.) 133 .. (Implemented by Foo Bar.)
107 134
108 .. .. seealso:: 135 .. .. seealso::
(...skipping 299 matching lines...) Expand 10 before | Expand all | Expand 10 after
408 purposes (ie: fixing tests) that error messages that were previously of the 435 purposes (ie: fixing tests) that error messages that were previously of the
409 form "'sometype' does not support the buffer protocol" are now of the form "a 436 form "'sometype' does not support the buffer protocol" are now of the form "a
410 bytes-like object is required, not 'sometype'" (contributed by Ezio Melotti 437 bytes-like object is required, not 'sometype'" (contributed by Ezio Melotti
411 in :issue:`16518`). 438 in :issue:`16518`).
412 439
413 Changes in the C API 440 Changes in the C API
414 -------------------- 441 --------------------
415 442
416 * The :c:type:`PyMemAllocator` structure was renamed to 443 * The :c:type:`PyMemAllocator` structure was renamed to
417 :c:type:`PyMemAllocatorEx` and a new ``calloc`` field was added. 444 :c:type:`PyMemAllocatorEx` and a new ``calloc`` field was added.
OLDNEW
« no previous file with comments | « Doc/library/urllib.request.rst ('k') | Lib/http/client.py » ('j') | no next file with comments »

RSS Feeds Recent Issues | This issue
This is Rietveld 894c83f36cb7+