[Python-Dev] Proposed schedule for 3.4.2 (original) (raw)

Antoine Pitrou solipsis at pitrou.net
Thu Sep 11 20:39:50 CEST 2014

• Previous message: [Python-Dev] Proposed schedule for 3.4.2
• Next message: [Python-Dev] Proposed schedule for 3.4.2
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 9 Sep 2014 08:20:52 +1000 Nick Coghlan <ncoghlan at gmail.com> wrote:

On 9 Sep 2014 04:00, "Barry Warsaw" <barry at python.org> wrote: > > > >This would need to be updated first, once it did take such an argument, > >this would be accomplished by: > > > >context = ssl.createdefaultcontext() > >context.verifymode = CERTOPTIONACERTNONE > >context.verifyhostname = False > >urllib.request.urlopen(" https://something-i-apparently-dont-care-much-about", > >context=context) > > There's probably an ugly hack possibility that uses unittest.mock.patch. ;)

We could actually make it an "official" hack: import urllib.request urllib.request.urlopen = urllib.request.unverifiedurlopen

-1. Instead of disabling cert verification for one urlopen() call site, you're doing it for every urlopen call site in the program - or, even worse, for every urlopen that's imported after the monkey-patching (which makes the final effect potentially dependent on module import order, and import style). It may affect third-party libraries that have their own REST calls, or whatever.

Regards

Antoine.

• Previous message: [Python-Dev] Proposed schedule for 3.4.2
• Next message: [Python-Dev] Proposed schedule for 3.4.2
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list