From 509dd54093df930e8962f270dc16efe59b6e7958 Mon Sep 17 00:00:00 2001 From: Antoine Pitrou Date: Wed, 29 Sep 2010 11:25:47 +0000 Subject: [PATCH] Merged revisions 85101 via svnmerge from svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r85101 | antoine.pitrou | 2010-09-29 13:24:21 +0200 (mer., 29 sept. 2010) | 3 lines Issue #9983: warn that urllib and httplib don't perform SSL certificate validation. ........ --- Doc/library/http.client.rst | 12 ++++++------ Doc/library/urllib.request.rst | 4 ++++ 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/Doc/library/http.client.rst b/Doc/library/http.client.rst index e719ca6d1df..0f59b9a4df8 100644 --- a/Doc/library/http.client.rst +++ b/Doc/library/http.client.rst @@ -48,13 +48,13 @@ The module provides the following classes: .. class:: HTTPSConnection(host, port=None, key_file=None, cert_file=None, strict=None[, timeout]) A subclass of :class:`HTTPConnection` that uses SSL for communication with - secure servers. Default port is ``443``. *key_file* is the name of a PEM - formatted file that contains your private key. *cert_file* is a PEM formatted - certificate chain file. + secure servers. Default port is ``443``. *key_file* is the name of a PEM + formatted file that contains your private key, and *cert_file* is a PEM + formatted certificate chain file; both can be used for authenticating + yourself against the server. - .. note:: - - This does not do any certificate verification. + .. warning:: + This does not do any verification of the server's certificate. .. class:: HTTPResponse(sock, debuglevel=0, strict=0, method=None, url=None) diff --git a/Doc/library/urllib.request.rst b/Doc/library/urllib.request.rst index 1b90d32402e..35ea28651c2 100644 --- a/Doc/library/urllib.request.rst +++ b/Doc/library/urllib.request.rst 
@@ -11,6 +11,10 @@ The :mod:`urllib.request` module defines functions and classes which help in opening URLs (mostly HTTP) in a complex world --- basic and digest authentication, redirections, cookies and more. +.. warning:: When opening HTTPS (or FTPS) URLs, it is not attempted to + validate the server certificate. Use at your own risk! + + The :mod:`urllib.request` module defines the following functions:
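Review bot: In the Doc/library/http.client.rst hunk, the new warning on HTTPSConnection says only "This does not do any verification of the server's certificate" and stops there, so the reader is not told what follows from it or what to do instead. That matters more now that the same paragraph describes *key_file* and *cert_file* as a way of "authenticating yourself against the server": a reader can come away thinking the connection is mutually authenticated when only the client side is. Suggest adding one sentence stating that the server's identity is therefore not established and the connection can be intercepted by a man-in-the-middle, with a pointer to the :mod:`ssl` module for callers who need verification. Minor style point: the removed ``.. note::`` had a blank line between the directive and its body, while the added ``.. warning::`` does not; either form renders, but keeping the file's existing layout is preferable.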
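Review bot: In the Doc/library/urllib.request.rst hunk, the warning's wording "it is not attempted to validate the server certificate. Use at your own risk!" names no actual risk and reads awkwardly. Suggest a direct statement such as "the server certificate is not validated, so the identity of the server is not checked", which also matches the phrasing of the warning added to http.client.rst in the same patch. The warning body also begins on the directive line here but on the following line in the http.client.rst hunk; pick one layout for both files.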