Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(73188)

Delta Between Two Patch Sets: Doc/library/http.client.rst

Issue 22417: PEP 476: verify HTTPS certificates by default
Left Patch Set: Created 4 years, 11 months ago
Right Patch Set: Created 4 years, 9 months ago
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
Right: Side by side diff | Download
« no previous file with change/comment | « no previous file | Doc/library/urllib.request.rst » ('j') | no next file with change/comment »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
LEFTRIGHT
(no file at all)
1 :mod:`http.client` --- HTTP protocol client 1 :mod:`http.client` --- HTTP protocol client
2 =========================================== 2 ===========================================
3 3
4 .. module:: http.client 4 .. module:: http.client
5 :synopsis: HTTP and HTTPS protocol client (requires sockets). 5 :synopsis: HTTP and HTTPS protocol client (requires sockets).
6 6
7 7
8 .. index:: 8 .. index::
9 pair: HTTP; protocol 9 pair: HTTP; protocol
10 single: HTTP; http.client (standard module) 10 single: HTTP; http.client (standard module)
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after
64 A subclass of :class:`HTTPConnection` that uses SSL for communication with 64 A subclass of :class:`HTTPConnection` that uses SSL for communication with
65 secure servers. Default port is ``443``. If *context* is specified, it 65 secure servers. Default port is ``443``. If *context* is specified, it
66 must be a :class:`ssl.SSLContext` instance describing the various SSL 66 must be a :class:`ssl.SSLContext` instance describing the various SSL
67 options. 67 options.
68 68
69 *key_file* and *cert_file* are deprecated, please use 69 *key_file* and *cert_file* are deprecated, please use
70 :meth:`ssl.SSLContext.load_cert_chain` instead, or let 70 :meth:`ssl.SSLContext.load_cert_chain` instead, or let
71 :func:`ssl.create_default_context` select the system's trusted CA 71 :func:`ssl.create_default_context` select the system's trusted CA
72 certificates for you. 72 certificates for you.
73 73
74 The recommended way to connect to HTTPS hosts on the Internet is as
75 follows::
76
77 context = ssl.create_default_context()
78 h = client.HTTPSConnection('www.python.org', 443, context=context)
79
80 Please read :ref:`ssl-security` for more information on best practices. 74 Please read :ref:`ssl-security` for more information on best practices.
81 75
82 .. note:: 76 .. note::
83 If *context* is specified and has a :attr:`~ssl.SSLContext.verify_mode` 77 If *context* is specified and has a :attr:`~ssl.SSLContext.verify_mode`
84 of either :data:`~ssl.CERT_OPTIONAL` or :data:`~ssl.CERT_REQUIRED`, then 78 of either :data:`~ssl.CERT_OPTIONAL` or :data:`~ssl.CERT_REQUIRED`, then
85 by default *host* is matched against the host name(s) allowed by the 79 by default *host* is matched against the host name(s) allowed by the
86 server's certificate. If you want to change that behaviour, you can 80 server's certificate. If you want to change that behaviour, you can
87 explicitly set *check_hostname* to False. 81 explicitly set *check_hostname* to False.
88 82
89 .. versionchanged:: 3.2 83 .. versionchanged:: 3.2
90 *source_address*, *context* and *check_hostname* were added. 84 *source_address*, *context* and *check_hostname* were added.
91 85
92 .. versionchanged:: 3.2 86 .. versionchanged:: 3.2
93 This class now supports HTTPS virtual hosts if possible (that is, 87 This class now supports HTTPS virtual hosts if possible (that is,
94 if :data:`ssl.HAS_SNI` is true). 88 if :data:`ssl.HAS_SNI` is true).
95 89
96 .. versionchanged:: 3.4 90 .. versionchanged:: 3.4
97 The *strict* parameter was removed. HTTP 0.9-style "Simple Responses" are 91 The *strict* parameter was removed. HTTP 0.9-style "Simple Responses" are
98 no longer supported. 92 no longer supported.
93
94 .. versionchanged:: 3.4.3
95 This class now performs all the necessary certificate and hostname checks
96 by default. To revert to the previous, unverified, behavior
97 :func:`ssl._create_unverified_context` can be passed to the *context*
98 parameter.
99 99
100 100
101 .. class:: HTTPResponse(sock, debuglevel=0, method=None, url=None) 101 .. class:: HTTPResponse(sock, debuglevel=0, method=None, url=None)
102 102
103 Class whose instances are returned upon successful connection. Not 103 Class whose instances are returned upon successful connection. Not
104 instantiated directly by user. 104 instantiated directly by user.
105 105
106 .. versionchanged:: 3.4 106 .. versionchanged:: 3.4
107 The *strict* parameter was removed. HTTP 0.9 style "Simple Responses" are 107 The *strict* parameter was removed. HTTP 0.9 style "Simple Responses" are
108 no longer supported. 108 no longer supported.
(...skipping 563 matching lines...) Expand 10 before | Expand all | Expand 10 after
672 672
673 .. _httpmessage-objects: 673 .. _httpmessage-objects:
674 674
675 HTTPMessage Objects 675 HTTPMessage Objects
676 ------------------- 676 -------------------
677 677
678 An :class:`http.client.HTTPMessage` instance holds the headers from an HTTP 678 An :class:`http.client.HTTPMessage` instance holds the headers from an HTTP
679 response. It is implemented using the :class:`email.message.Message` class. 679 response. It is implemented using the :class:`email.message.Message` class.
680 680
681 .. XXX Define the methods that clients can depend upon between versions. 681 .. XXX Define the methods that clients can depend upon between versions.
LEFTRIGHT

RSS Feeds Recent Issues | This issue
This is Rietveld 894c83f36cb7+