Deficiency in urllib/socket for https?

Gary Feldman gafStopSpamData at ziplink.stopallspam.net
Thu Aug 21 16:56:20 EDT 2003


I think I've found a deficiency in the design of urllib related to https.

In order to complete an https connection, it appears that URLOpener and
hence FancyURLOpener require the key and cert files.  Or at least, it's not
clear from the description of socket.ssl what it does if they're omitted.  

However, urlopen has no way to specify such things.  Nor should it - for
typical uses, a person simply trying to retrieve data from an ssl site
really doesn't want to know or care about keys and certificate directories.
One just wants to provide an https url and have it work.   Ideally, there
should be defaults for the certificate files.

This implies that somewhere in the function hierarchy, I suspect in
socket.ssl, there need to be some clever defaults.  I don't know if the
folks maintaining the Python distribution really want to be in the business
of maintaining key and certificate directories (probably not), but there at
least ought to be a way to specify default directories (oh, no, another
environment variable?).  Thinking idealistically, it would be great if it
could share the default certs on the system (i.e. on UNIX, find a Netscape
or Mozilla install directory and use those, and on MS Windows, do whatever
it takes to use the Windows mechanism).

It's possible my analysis is flawed.  I haven't taken the time to download
and read the _ssl code, just the socket.py code (and urllib and httplib).
So corrections are appreciated as much as comments.

Gary
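
An added example, not part of the original post: in current Python 3 (not the 2003 socket.ssl API discussed above), the kind of defaults the post asks for can be inspected with ssl.get_default_verify_paths() and ssl.create_default_context(). The function names and the cafile override parameter are assumptions of this example.

```python
import ssl
import urllib.request


def default_trust_locations():
    """Report where this Python/OpenSSL build looks for CA certificates."""
    paths = ssl.get_default_verify_paths()
    return {
        "cafile_env": paths.openssl_cafile_env,  # env var naming a CA bundle file
        "capath_env": paths.openssl_capath_env,  # env var naming a CA directory
        "cafile": paths.cafile,                  # resolved file, or None if absent
        "capath": paths.capath,                  # resolved directory, or None if absent
    }


def build_https_opener(cafile=None):
    """Return (opener, context) that verifies servers with no caller-supplied certs.

    cafile is an optional override (hypothetical parameter of this example);
    when omitted, the platform's default trust store is used.
    """
    context = ssl.create_default_context(cafile=cafile)
    # Refuse to hand out an opener whose verification has been weakened.
    if context.verify_mode != ssl.CERT_REQUIRED or not context.check_hostname:
        raise RuntimeError("TLS verification is not enforced")
    opener = urllib.request.build_opener(
        urllib.request.HTTPSHandler(context=context)
    )
    return opener, context


def loaded_ca_count(context):
    """CA certificates already loaded from a file or system store.

    Certificates in a capath directory are loaded on demand and not counted.
    """
    return context.cert_store_stats()["x509_ca"]


if __name__ == "__main__":
    print(default_trust_locations())
    opener, ctx = build_https_opener()
    print("verify_mode:", ctx.verify_mode, "check_hostname:", ctx.check_hostname)
    print("CA certs preloaded:", loaded_ca_count(ctx))
    # opener.open("https://example.org/") would now raise on an untrusted
    # or mismatched certificate instead of accepting it.
```

A loaded_ca_count() of zero together with capath of None means the host has no usable default trust store, so every verified HTTPS request will fail until one is configured.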



