[New-bugs-announce] [issue9003] urllib about https behavior
geremy condra
report at bugs.python.org
Wed Jun 16 03:04:37 CEST 2010
New submission from geremy condra <debatem1 at gmail.com>:
urllib currently blindly accepts bad certificates when passed an https address. This behavior, clearly not desirable for many users, is also not documented. I propose one of two changes:
1) add mechanisms for enforcing correct behavior to urllib, or
2) change the documentation for that module to include something akin to the following warning:
"Warning: urllib does not perform certificate checks if passed an HTTPS url! This permits remote machines to masquerade as your intended destination."
----------
components: Library (Lib)
messages: 107900
nosy: debatem1
priority: normal
severity: normal
status: open
title: urllib about https behavior
versions: Python 3.1
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue9003>
_______________________________________
More information about the New-bugs-announce
mailing list