[Python-Dev] Proposed schedule for 3.4.2 (original) (raw)
Donald Stufft donald at stufft.io
Tue Sep 9 00:30:35 CEST 2014
- Previous message: [Python-Dev] Proposed schedule for 3.4.2
- Next message: [Python-Dev] Proposed schedule for 3.4.2
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Sep 8, 2014, at 6:20 PM, Nick Coghlan <ncoghlan at gmail.com> wrote:
On 9 Sep 2014 04:00, "Barry Warsaw" <barry at python.org <mailto:barry at python.org>> wrote: > > > >This would need to be updated first, once it did take such an argument, > >this would be accomplished by: > > > >context = ssl.createdefaultcontext() > >context.verifymode = CERTOPTIONACERTNONE > >context.verifyhostname = False > >urllib.request.urlopen("https://something-i-apparently-dont-care-much-about <https://something-i-apparently-dont-care-much-about/>", > >context=context) > > There's probably an ugly hack possibility that uses unittest.mock.patch. ;) We could actually make it an "official" hack: import urllib.request urllib.request.urlopen = urllib.request.unverifiedurlopen Or else the user can just change the code to call the unverified one directly. All we'd have to do is keep the existing version that doesn't validate certs properly around under the name "unverifiedurlopen". I like this for a few reasons: 1. It doesn't get much easier than calling function A instead of function B 2. Monkeypatching lets you do a process global hack 3. The name tells you exactly why this is a bad idea 4. It's easy to grep for later after you fix your certs 5. The leading underscore acts as a strong "keep away" signal 6. The leading underscore makes it clear this function may not always be available (e.g. Jython, older versions of Python)
If someone wants to do this, can’t they write their own 6 line function?
import ssl import urllib.request _real_urlopen = urllib.request.urlopen def _unverified(*args, **kwargs): if not kwargs.keys() & {“context”, “cafile”, “capath”, “cadefault”}: ctx = ssl.create_default_context() ctx.verify_mode = CERT_NONE ctx.verify_hostname = False kwargs[“context”] = ctx return _real_urlopen(*args, **kwargs)
Donald Stufft PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.python.org/pipermail/python-dev/attachments/20140908/9d61e173/attachment-0001.html>
- Previous message: [Python-Dev] Proposed schedule for 3.4.2
- Next message: [Python-Dev] Proposed schedule for 3.4.2
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]