From: Antoine Pitrou Date: Wed, 29 Sep 2010 11:30:52 +0000 (+0000) Subject: Merged revisions 85101 via svnmerge from X-Git-Tag: v2.7.1rc1~224 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=66bfda800714cc34294c475066b285dbd169bd23;p=python Merged revisions 85101 via svnmerge from svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r85101 | antoine.pitrou | 2010-09-29 13:24:21 +0200 (mer., 29 sept. 2010) | 3 lines Issue #9983: warn that urllib and httplib don't perform SSL certificate validation. ........ --- diff --git a/Doc/library/httplib.rst b/Doc/library/httplib.rst index 58a59a81ae..436857c960 100644 --- a/Doc/library/httplib.rst +++ b/Doc/library/httplib.rst @@ -73,9 +73,8 @@ The module provides the following classes: formatted file that contains your private key. *cert_file* is a PEM formatted certificate chain file. - .. note:: - - This does not do any certificate verification. + .. warning:: + This does not do any verification of the server's certificate. .. versionadded:: 2.0 diff --git a/Doc/library/urllib.rst b/Doc/library/urllib.rst index eacde19f50..080d95d362 100644 --- a/Doc/library/urllib.rst +++ b/Doc/library/urllib.rst @@ -23,6 +23,10 @@ built-in function :func:`open`, but accepts Universal Resource Locators (URLs) instead of filenames. Some restrictions apply --- it can only open URLs for reading, and no seek operations are available. +.. warning:: When opening HTTPS URLs, it is not attempted to validate the + server certificate. Use at your own risk! + + High-level interface -------------------- diff --git a/Doc/library/urllib2.rst b/Doc/library/urllib2.rst index 973c098eb2..b977c4da62 100644 --- a/Doc/library/urllib2.rst +++ b/Doc/library/urllib2.rst @@ -18,6 +18,9 @@ The :mod:`urllib2` module defines functions and classes which help in opening URLs (mostly HTTP) in a complex world --- basic and digest authentication, redirections, cookies and more. +.. warning:: When opening HTTPS (or FTPS) URLs, it is not attempted to + validate the server certificate. Use at your own risk! + The :mod:`urllib2` module defines the following functions: