[issue14780] SSL should use OpenSSL-defined default certificate store if ca_certs parameter is omitted

James Oakley Fri, 11 May 2012 11:06:32 -0700

James Oakley <jf...@funktronics.ca> added the comment:

Something like this perhaps?


--- a/Lib/urllib/request.py     Fri May 11 13:11:02 2012 -0400
+++ b/Lib/urllib/request.py     Fri May 11 11:03:02 2012 -0700
@@ -135,16 +135,19 @@
 
 _opener = None
 def urlopen(url, data=None, timeout=socket._GLOBAL_DEFAULT_TIMEOUT,
-            *, cafile=None, capath=None):
+            *, cafile=None, capath=None, cadefault=True):
     global _opener
     if cafile or capath:
         if not _have_ssl:
             raise ValueError('SSL support not available')
         context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
         context.options |= ssl.OP_NO_SSLv2
-        if cafile or capath:
+        if cafile or capath or cadefault:
             context.verify_mode = ssl.CERT_REQUIRED
-            context.load_verify_locations(cafile, capath)
+            if cafile or capath:
+                context.load_verify_locations(cafile, capath)
+            else:
+                context.load_default_verify_locations()
             check_hostname = True
         else:
             check_hostname = False

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue14780>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue14780] SSL should use OpenSSL-defined default certificate store if ca_certs parameter is omitted

Reply via email to