[Python-Dev] cpython: Added SSL test for HTTPHandler.
Antoine Pitrou solipsis at pitrou.net
Sat May 21 13:09:03 CEST 2011
On Sat, 21 May 2011 12:32:21 +0200 vinay.sajip <python-checkins at python.org> wrote:
+ if secure: + import ssl + fd, fn = tempfile.mkstemp() + os.close(fd) + with open(fn, 'w') as f: + f.write(self.PEMFILE) + sslctx = ssl.SSLContext(ssl.PROTOCOLSSLv23) + sslctx.loadcertchain(fn)
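Review bot: the temporary file that receives self.PEMFILE is created with tempfile.mkstemp(), closed, and then reopened by name, and nothing in the quoted lines removes it afterwards. Writing through the descriptor with os.fdopen(fd, 'w') avoids the close-and-reopen step, and the test should register removal of fn (for example self.addCleanup(os.unlink, fn)) unless that already happens outside the lines shown. The import ssl inside the if secure: branch also means a build without the ssl module fails this test with an ImportError rather than skipping it; a guarded import with a skip would be cleaner.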
We already bundle a couple of cert files in Lib/test, so you shouldn't have to use your own (see e.g. Lib/test/keycert.pem).
+ self.hhdlr = logging.handlers.HTTPHandler(host, '/frob', secure=secure)
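Review bot: the HTTPHandler call passes only secure=secure, so the client half of this test is given no CA file or SSLContext with which to check the certificate the server side loads above. As written, the test can only cover an encrypted but unauthenticated connection; consider letting HTTPHandler accept a context and passing one here that trusts the test certificate, so the verified path is what gets exercised.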
If you want real security, HTTPHandler should configure its SSLContext in CERT_REQUIRED mode (and be given the proper root certificate(s)). Otherwise you are vulnerable to man-in-the-middle attacks.
See the "context" and "check_hostname" arguments to HTTPSConnection: http://docs.python.org/dev/library/http.client.html#http.client.HTTPSConnection
Regards
Antoine.
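The CERT_REQUIRED and check_hostname configuration recommended in the reply above, shown beside the unverified setting, as an added example that is not part of the original message or of CPython. The function names and the host `logs.example.com` are hypothetical, and it assumes Python 3.5 or later, where `HTTPHandler` accepts a `context` argument.

```python
import logging.handlers
import ssl


def unverified_context():
    """Client context that encrypts but authenticates nothing (the weak setting)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verified_context(cafile=None):
    """Client context in CERT_REQUIRED mode with hostname checking."""
    # PROTOCOL_TLS_CLIENT defaults to CERT_REQUIRED with check_hostname enabled.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cafile is not None:
        ctx.load_verify_locations(cafile=cafile)   # private CA or pinned root
    else:
        ctx.load_default_certs()                   # system trust store
    return ctx


def audit_context(ctx):
    """Return the reasons this context cannot stop a man-in-the-middle."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED")
    if not ctx.check_hostname:
        findings.append("check_hostname is disabled")
    return findings


def make_https_handler(host, url, context):
    """Build an HTTPHandler only if its TLS context passes the audit."""
    findings = audit_context(context)
    if findings:
        raise ValueError("refusing weak TLS context: " + "; ".join(findings))
    return logging.handlers.HTTPHandler(host, url, method="POST",
                                        secure=True, context=context)


if __name__ == "__main__":
    print(audit_context(unverified_context()))
    # Hypothetical log collector; constructing the handler opens no connection.
    handler = make_https_handler("logs.example.com:443", "/frob", verified_context())
    print(type(handler).__name__)
```

Pass `cafile` when the log collector is signed by a private CA, so the handler trusts that root and nothing else.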