Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(47503)

Side by Side Diff: Doc/whatsnew/3.4.rst

Issue 22417: PEP 476: verify HTTPS certificates by default
Patch Set: Created 4 years, 10 months ago
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Doc/library/xmlrpc.client.rst ('k') | Lib/http/client.py » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 **************************** 1 ****************************
2 What's New In Python 3.4 2 What's New In Python 3.4
3 **************************** 3 ****************************
4 4
5 :Author: R. David Murray <rdmurray@bitdance.com> (Editor) 5 :Author: R. David Murray <rdmurray@bitdance.com> (Editor)
6 6
7 .. Rules for maintenance: 7 .. Rules for maintenance:
8 8
9 * Anyone can add text to this document, but the maintainer reserves the 9 * Anyone can add text to this document, but the maintainer reserves the
10 right to rewrite any additions. In particular, for obscure or esoteric 10 right to rewrite any additions. In particular, for obscure or esoteric
(...skipping 2486 matching lines...) Expand 10 before | Expand all | Expand 10 after
2497 string allocated by :c:func:`PyMem_Malloc` or :c:func:`PyMem_Realloc` 2497 string allocated by :c:func:`PyMem_Malloc` or :c:func:`PyMem_Realloc`
2498 (:issue:`16742`) 2498 (:issue:`16742`)
2499 2499
2500 * :c:func:`PyThread_set_key_value` now always set the value. In Python 2500 * :c:func:`PyThread_set_key_value` now always set the value. In Python
2501 3.3, the function did nothing if the key already exists (if the current 2501 3.3, the function did nothing if the key already exists (if the current
2502 value is a non-NULL pointer). 2502 value is a non-NULL pointer).
2503 2503
2504 * The ``f_tstate`` (thread state) field of the :c:type:`PyFrameObject` 2504 * The ``f_tstate`` (thread state) field of the :c:type:`PyFrameObject`
2505 structure has been removed to fix a bug: see :issue:`14432` for the 2505 structure has been removed to fix a bug: see :issue:`14432` for the
2506 rationale. 2506 rationale.
2507
2508 Changed in 3.4.3
2509 ================
2510
2511 .. _pep-476:
2512
2513 PEP 476: Enabling certificate verification by default for stdlib http clients
2514 -----------------------------------------------------------------------------
2515
2516 :mod:`http.client` and modules which use it, such as :mod:`urllib.request` and
2517 :mod:`xmlrpc.client`, will now verify that the server presents a certificate
2518 which is signed by a CA in the platform trust store and whose hostname matches
2519 the hostname being requested by default, significantly improving security for
2520 many applications.
2521
2522 For applications which require the old previous behavior, they can pass an
2523 alternate context::
2524
2525 import urllib.request
2526 import ssl
2527
2528 # This disables all verification
2529 context = ssl._create_unverified_context()
2530
2531 # This allows using a specific certificate for the host, which doesn't need
2532 # to be in the trust store
2533 context = ssl.create_default_context(cafile="/path/to/file.crt")
2534
2535 urllib.request.urlopen("https://invalid-cert", context=context)
OLDNEW
« no previous file with comments | « Doc/library/xmlrpc.client.rst ('k') | Lib/http/client.py » ('j') | no next file with comments »

RSS Feeds Recent Issues | This issue
This is Rietveld 894c83f36cb7+