(original) (raw)

On 9 Sep 2014 04:00, "Barry Warsaw" <barry@python.org> wrote:
\> >
\> >This would need to be updated first, once it \*did\* take such an argument,
\> >this would be accomplished by:
\> >
\> >context = ssl.create\_default\_context()
\> >context.verify\_mode = CERT\_OPTIONACERT\_NONE
\> >context.verify\_hostname = False
\> >urllib.request.urlopen("https://something-i-apparently-dont-care-much-about",
\> >context=context)
\>
\> There's probably an ugly hack possibility that uses unittest.mock.patch. ;)

We could actually make it an "official" hack:

import urllib.request
urllib.request.urlopen = urllib.request.\_unverified\_urlopen

Or else the user can just change the code to call the unverified one directly.

All we'd have to do is keep the existing version that doesn't validate certs properly around under the name "\_unverified\_urlopen".

I like this for a few reasons:

1\. It doesn't get much easier than calling function A instead of function B
2\. Monkeypatching lets you do a process global hack
3\. The name tells you exactly why this is a bad idea
4\. It's easy to grep for later after you fix your certs
5\. The leading underscore acts as a strong "keep away" signal
6\. The leading underscore makes it clear this function may not always be available (e.g. Jython, older versions of Python)

Cheers,
Nick.

>
\> -Barry
\> \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
\> Python-Dev mailing list
\> Python-Dev@python.org
\> https://mail.python.org/mailman/listinfo/python-dev
\> Unsubscribe: https://mail.python.org/mailman/options/python-dev/ncoghlan%40gmail.com