Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(73549)

Side by Side Diff: Doc/library/http.client.rst

Issue 22417: PEP 476: verify HTTPS certificates by default
Patch Set: Created 4 years, 7 months ago
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | Doc/library/urllib.request.rst » ('j') | Doc/library/urllib.request.rst » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 :mod:`http.client` --- HTTP protocol client 1 :mod:`http.client` --- HTTP protocol client
2 =========================================== 2 ===========================================
3 3
4 .. module:: http.client 4 .. module:: http.client
5 :synopsis: HTTP and HTTPS protocol client (requires sockets). 5 :synopsis: HTTP and HTTPS protocol client (requires sockets).
6 6
7 7
8 .. index:: 8 .. index::
9 pair: HTTP; protocol 9 pair: HTTP; protocol
10 single: HTTP; http.client (standard module) 10 single: HTTP; http.client (standard module)
(...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after
63 63
64 A subclass of :class:`HTTPConnection` that uses SSL for communication with 64 A subclass of :class:`HTTPConnection` that uses SSL for communication with
65 secure servers. Default port is ``443``. If *context* is specified, it 65 secure servers. Default port is ``443``. If *context* is specified, it
66 must be a :class:`ssl.SSLContext` instance describing the various SSL 66 must be a :class:`ssl.SSLContext` instance describing the various SSL
67 options. 67 options.
68 68
69 *key_file* and *cert_file* are deprecated, please use 69 *key_file* and *cert_file* are deprecated, please use
70 :meth:`ssl.SSLContext.load_cert_chain` instead, or let 70 :meth:`ssl.SSLContext.load_cert_chain` instead, or let
71 :func:`ssl.create_default_context` select the system's trusted CA 71 :func:`ssl.create_default_context` select the system's trusted CA
72 certificates for you. 72 certificates for you.
73
74 The recommended way to connect to HTTPS hosts on the Internet is as
75 follows::
76
77 context = ssl.create_default_context()
78 h = client.HTTPSConnection('www.python.org', 443, context=context)
79 73
80 Please read :ref:`ssl-security` for more information on best practices. 74 Please read :ref:`ssl-security` for more information on best practices.
81 75
82 .. note:: 76 .. note::
83 If *context* is specified and has a :attr:`~ssl.SSLContext.verify_mode` 77 If *context* is specified and has a :attr:`~ssl.SSLContext.verify_mode`
84 of either :data:`~ssl.CERT_OPTIONAL` or :data:`~ssl.CERT_REQUIRED`, then 78 of either :data:`~ssl.CERT_OPTIONAL` or :data:`~ssl.CERT_REQUIRED`, then
85 by default *host* is matched against the host name(s) allowed by the 79 by default *host* is matched against the host name(s) allowed by the
86 server's certificate. If you want to change that behaviour, you can 80 server's certificate. If you want to change that behaviour, you can
87 explicitly set *check_hostname* to False. 81 explicitly set *check_hostname* to False.
88 82
89 .. versionchanged:: 3.2 83 .. versionchanged:: 3.2
90 *source_address*, *context* and *check_hostname* were added. 84 *source_address*, *context* and *check_hostname* were added.
91 85
92 .. versionchanged:: 3.2 86 .. versionchanged:: 3.2
93 This class now supports HTTPS virtual hosts if possible (that is, 87 This class now supports HTTPS virtual hosts if possible (that is,
94 if :data:`ssl.HAS_SNI` is true). 88 if :data:`ssl.HAS_SNI` is true).
95 89
96 .. versionchanged:: 3.4 90 .. versionchanged:: 3.4
97 The *strict* parameter was removed. HTTP 0.9-style "Simple Responses" are 91 The *strict* parameter was removed. HTTP 0.9-style "Simple Responses" are
98 no longer supported. 92 no longer supported.
93
94 .. versionchanged:: 3.5
95 This class now uses :func:`ssl._create_default_https_context` if no
AntoinePitrou 2014/10/30 20:06:39 I think the first sentence can be removed. The pri
96 context is explicitly provided. This means that it performs all the
97 necessary certificate and hostname checks by default. To revert to the
98 previous, unverified, behavior :func:`ssl._create_unverified_context` can
99 be passed.
99 100
100 101
101 .. class:: HTTPResponse(sock, debuglevel=0, method=None, url=None) 102 .. class:: HTTPResponse(sock, debuglevel=0, method=None, url=None)
102 103
103 Class whose instances are returned upon successful connection. Not 104 Class whose instances are returned upon successful connection. Not
104 instantiated directly by user. 105 instantiated directly by user.
105 106
106 .. versionchanged:: 3.4 107 .. versionchanged:: 3.4
107 The *strict* parameter was removed. HTTP 0.9 style "Simple Responses" are 108 The *strict* parameter was removed. HTTP 0.9 style "Simple Responses" are
108 no longer supported. 109 no longer supported.
(...skipping 563 matching lines...) Expand 10 before | Expand all | Expand 10 after
672 673
673 .. _httpmessage-objects: 674 .. _httpmessage-objects:
674 675
675 HTTPMessage Objects 676 HTTPMessage Objects
676 ------------------- 677 -------------------
677 678
678 An :class:`http.client.HTTPMessage` instance holds the headers from an HTTP 679 An :class:`http.client.HTTPMessage` instance holds the headers from an HTTP
679 response. It is implemented using the :class:`email.message.Message` class. 680 response. It is implemented using the :class:`email.message.Message` class.
680 681
681 .. XXX Define the methods that clients can depend upon between versions. 682 .. XXX Define the methods that clients can depend upon between versions.
OLDNEW
« no previous file with comments | « no previous file | Doc/library/urllib.request.rst » ('j') | Doc/library/urllib.request.rst » ('J')

RSS Feeds Recent Issues | This issue
This is Rietveld 894c83f36cb7+