New submission from geremy condra <debat...@gmail.com>: urllib currently blindly accepts bad certificates when passed an https address. This behavior, clearly not desirable for many users, is also not documented. I propose one of two changes:
1) add mechanisms for enforcing correct behavior to urllib, or 2) change the documentation for that module to include something akin to the following warning: "Warning: urllib does not perform certificate checks if passed an HTTPS url! This permits remote machines to masquerade as your intended destination." ---------- components: Library (Lib) messages: 107900 nosy: debatem1 priority: normal severity: normal status: open title: urllib about https behavior versions: Python 3.1 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue9003> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
