[Python-modules-commits] [python-urllib3] 11/15: require SSL certificate validation by default by using
Daniele Tricoli
eriol-guest at moszumanska.debian.org
Thu May 26 03:59:17 UTC 2016
This is an automated email from the git hooks/post-receive script.
eriol-guest pushed a commit to branch master
in repository python-urllib3.
commit e2f0f9789b9e5992b33c7ede2f70c9b0f356a56a
Author: Jamie Strandboge <jamie at canonical.com>
Date: Thu Oct 8 13:19:47 2015 -0700
require SSL certificate validation by default by using
CERT_REQUIRED and using the system /etc/ssl/certs/ca-certificates.crt
Bug-Ubuntu: https://launchpad.net/bugs/1047054
Bug-Debian: http://bugs.debian.org/686872
Last-Update: 2014-09-01
Patch-Name: 02_require-cert-verification.patch
---
urllib3/connectionpool.py | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/urllib3/connectionpool.py b/urllib3/connectionpool.py
index 989f8ca..e8e47f1 100644
--- a/urllib3/connectionpool.py
+++ b/urllib3/connectionpool.py
@@ -713,6 +713,8 @@ class HTTPSConnectionPool(HTTPConnectionPool):
``ca_cert_dir``, and ``ssl_version`` are only used if :mod:`ssl` is
available and are fed into :meth:`urllib3.util.ssl_wrap_socket` to upgrade
the connection socket into an SSL socket.
+
+ On Debian, SSL certificate validation is required by default
"""
scheme = 'https'
@@ -722,8 +724,8 @@ class HTTPSConnectionPool(HTTPConnectionPool):
strict=False, timeout=Timeout.DEFAULT_TIMEOUT, maxsize=1,
block=False, headers=None, retries=None,
_proxy=None, _proxy_headers=None,
- key_file=None, cert_file=None, cert_reqs=None,
- ca_certs=None, ssl_version=None,
+ key_file=None, cert_file=None, cert_reqs='CERT_REQUIRED',
+ ca_certs='/etc/ssl/certs/ca-certificates.crt', ssl_version=None,
assert_hostname=None, assert_fingerprint=None,
ca_cert_dir=None, **conn_kw):
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-urllib3.git
More information about the Python-modules-commits
mailing list