Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(14117)

Unified Diff: Doc/whatsnew/3.4.rst

Issue 22417: PEP 476: verify HTTPS certificates by default
Patch Set: Created 4 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « Doc/library/xmlrpc.client.rst ('k') | Lib/http/client.py » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
--- a/Doc/whatsnew/3.4.rst Sun Nov 02 22:19:56 2014 +0200
+++ b/Doc/whatsnew/3.4.rst Mon Nov 03 09:50:32 2014 -0800
@@ -2504,3 +2504,32 @@
* The ``f_tstate`` (thread state) field of the :c:type:`PyFrameObject`
structure has been removed to fix a bug: see :issue:`14432` for the
rationale.
+
+Changed in 3.4.3
+================
+
+.. _pep-476:
+
+PEP 476: Enabling certificate verification by default for stdlib http clients
+-----------------------------------------------------------------------------
+
+:mod:`http.client` and modules which use it, such as :mod:`urllib.request` and
+:mod:`xmlrpc.client`, will now verify that the server presents a certificate
+which is signed by a CA in the platform trust store and whose hostname matches
+the hostname being requested by default, significantly improving security for
+many applications.
+
+For applications which require the old previous behavior, they can pass an
+alternate context::
+
+ import urllib.request
+ import ssl
+
+ # This disables all verification
+ context = ssl._create_unverified_context()
+
+ # This allows using a specific certificate for the host, which doesn't need
+ # to be in the trust store
+ context = ssl.create_default_context(cafile="/path/to/file.crt")
+
+ urllib.request.urlopen("https://invalid-cert", context=context)
« no previous file with comments | « Doc/library/xmlrpc.client.rst ('k') | Lib/http/client.py » ('j') | no next file with comments »

RSS Feeds Recent Issues | This issue
This is Rietveld 894c83f36cb7+