[Python-Dev] Proposed schedule for 3.4.2 (original) (raw)

Nick Coghlan ncoghlan at gmail.com
Tue Sep 9 00:20:52 CEST 2014

On 9 Sep 2014 04:00, "Barry Warsaw" <barry at python.org> wrote:

> >This would need to be updated first, once it did take such an argument, >this would be accomplished by: > >context = ssl.createdefaultcontext() >context.verifymode = CERTOPTIONACERTNONE >context.verifyhostname = False >urllib.request.urlopen(" https://something-i-apparently-dont-care-much-about", >context=context)

There's probably an ugly hack possibility that uses unittest.mock.patch. ;)

We could actually make it an "official" hack:

import urllib.request
urllib.request.urlopen = urllib.request._unverified_urlopen

Or else the user can just change the code to call the unverified one directly.

All we'd have to do is keep the existing version that doesn't validate certs properly around under the name "_unverified_urlopen".

I like this for a few reasons:

  1. It doesn't get much easier than calling function A instead of function B
  2. Monkeypatching lets you do a process global hack
  3. The name tells you exactly why this is a bad idea
  4. It's easy to grep for later after you fix your certs
  5. The leading underscore acts as a strong "keep away" signal
  6. The leading underscore makes it clear this function may not always be available (e.g. Jython, older versions of Python)

Cheers, Nick.

-Barry

Python-Dev mailing list Python-Dev at python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/ncoghlan%40gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.python.org/pipermail/python-dev/attachments/20140909/01b798a1/attachment.html>

More information about the Python-Dev mailing list