From f7a52475a5f666f7655df4d46f8522e0c5bdc890 Mon Sep 17 00:00:00 2001
From: Antoine Pitrou <solipsis@pitrou.net>
Date: Sun, 17 Nov 2013 15:42:58 +0100
Subject: [PATCH] Issue #19508: warn that ssl doesn't validate certificates by
 default

---
 Doc/library/ssl.rst | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index 898e7d2e3d..fe653b4015 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -30,6 +30,10 @@ probably additional platforms, as long as OpenSSL is installed on that platform.
    operating system socket APIs.  The installed version of OpenSSL may also
    cause variations in behavior.
 
+.. warning::
+   The ssl module won't validate certificates by default.  When used in
+   client mode, this means you are vulnerable to man-in-the-middle attacks.
+
 .. warning::
 
    OpenSSL's internal random number generator does not properly handle fork.
-- 
2.50.1