Issue #19508: warn that ssl doesn't validate certificates by default

author Antoine Pitrou <solipsis@pitrou.net>

Sun, 17 Nov 2013 14:42:58 +0000 (15:42 +0100)

committer Antoine Pitrou <solipsis@pitrou.net>

Sun, 17 Nov 2013 14:42:58 +0000 (15:42 +0100)
author Antoine Pitrou <solipsis@pitrou.net>
Sun, 17 Nov 2013 14:42:58 +0000 (15:42 +0100)
committer Antoine Pitrou <solipsis@pitrou.net>
Sun, 17 Nov 2013 14:42:58 +0000 (15:42 +0100)
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst

index 898e7d2e3d32c1b00270dac8939ffc32ee26a1e9..fe653b4015ece06ea64c4f833d34d0383a4da329 100644 (file)
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -30,6 +30,10 @@ probably additional platforms, as long as OpenSSL is installed on that platform.
     operating system socket APIs.  The installed version of OpenSSL may also
     cause variations in behavior.
  
+.. warning::
+   The ssl module won't validate certificates by default.  When used in
+   client mode, this means you are vulnerable to man-in-the-middle attacks.
+
  .. warning::
  
     OpenSSL's internal random number generator does not properly handle fork.
author	Antoine Pitrou <solipsis@pitrou.net>
	Sun, 17 Nov 2013 14:42:58 +0000 (15:42 +0100)
committer	Antoine Pitrou <solipsis@pitrou.net>
	Sun, 17 Nov 2013 14:42:58 +0000 (15:42 +0100)