[docs] [issue9983] please add a large NOTE explaining that urllib does not perform any ssl validation
david
report at bugs.python.org
Wed Sep 29 16:32:10 CEST 2010
david <db.pub.mail at gmail.com> added the comment:
Yes totally imho these modules should get fixed to actually do ssl checking.
This means that most users of these methods, even if they think they
are doing it properly as per the ssl module page, are still vulnerable
to attack.
I will add this comment to the bug you linked to above.
As an example, it only took a few minutes to confirm that the default
bzr install on ubuntu is vulnerable ->
https://bugs.edge.launchpad.net/bzr/+bug/651161
(bzr is only vulnerable if pycurl isn't installed but pycurl is only a
suggestion not a dependency ... ).
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue9983>
_______________________________________
More information about the docs
mailing list