[Python-checkins] cpython (3.4): Issue #20913: make it clear that create_default_context() also enables hostname
antoine.pitrou
python-checkins at python.org
Sun Mar 23 16:31:46 CET 2014
http://hg.python.org/cpython/rev/c38ce7726737
changeset: 89930:c38ce7726737
branch: 3.4
parent: 89928:e8942abfb829
user: Antoine Pitrou <solipsis at pitrou.net>
date: Sun Mar 23 16:31:08 2014 +0100
summary:
Issue #20913: make it clear that create_default_context() also enables hostname checking
files:
Doc/library/ssl.rst | 9 +++++----
1 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -1626,7 +1626,8 @@
security policy, it is highly recommended that you use the
:func:`create_default_context` function to create your SSL context.
It will load the system's trusted CA certificates, enable certificate
-validation, and try to choose reasonably secure protocol and cipher settings.
+validation and hostname checking, and try to choose reasonably secure
+protocol and cipher settings.
For example, here is how you would use the :class:`smtplib.SMTP` class to
create a trusted, secure connection to a SMTP server::
@@ -1641,9 +1642,9 @@
:meth:`SSLContext.load_cert_chain`.
By contrast, if you create the SSL context by calling the :class:`SSLContext`
-constructor yourself, it will not have certificate validation enabled by
-default. If you do so, please read the paragraphs below to achieve a good
-security level.
+constructor yourself, it will not have certificate validation nor hostname
+checking enabled by default. If you do so, please read the paragraphs below
+to achieve a good security level.
Manual settings
^^^^^^^^^^^^^^^
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list