[Python-checkins] r85101 - in python/branches/py3k/Doc/library: http.client.rst urllib.request.rst

antoine.pitrou python-checkins at python.org
Wed Sep 29 13:24:23 CEST 2010 

Author: antoine.pitrou
Date: Wed Sep 29 13:24:21 2010
New Revision: 85101

Log:
Issue #9983: warn that urllib and httplib don't perform SSL certificate validation.



Modified:
   python/branches/py3k/Doc/library/http.client.rst
   python/branches/py3k/Doc/library/urllib.request.rst

Modified: python/branches/py3k/Doc/library/http.client.rst
==============================================================================
--- python/branches/py3k/Doc/library/http.client.rst	(original)
+++ python/branches/py3k/Doc/library/http.client.rst	Wed Sep 29 13:24:21 2010
@@ -53,13 +53,13 @@
 .. class:: HTTPSConnection(host, port=None, key_file=None, cert_file=None, strict=None[, timeout[, source_address]])
 
    A subclass of :class:`HTTPConnection` that uses SSL for communication with
-   secure servers.  Default port is ``443``. *key_file* is the name of a PEM
-   formatted file that contains your private key. *cert_file* is a PEM formatted
-   certificate chain file.
+   secure servers.  Default port is ``443``.  *key_file* is the name of a PEM
+   formatted file that contains your private key, and *cert_file* is a PEM
+   formatted certificate chain file; both can be used for authenticating
+   yourself against the server.
 
-   .. note::
-
-      This does not do any certificate verification.
+   .. warning::
+      This does not do any verification of the server's certificate.
 
    .. versionchanged:: 3.2
       *source_address* was added.

Modified: python/branches/py3k/Doc/library/urllib.request.rst
==============================================================================
--- python/branches/py3k/Doc/library/urllib.request.rst	(original)
+++ python/branches/py3k/Doc/library/urllib.request.rst	Wed Sep 29 13:24:21 2010
@@ -11,6 +11,10 @@
 opening URLs (mostly HTTP) in a complex world --- basic and digest
 authentication, redirections, cookies and more.
 
+.. warning:: When opening HTTPS (or FTPS) URLs, it is not attempted to
+   validate the server certificate.  Use at your own risk!
+
+
 The :mod:`urllib.request` module defines the following functions:

More information about the Python-checkins mailing list