James Oakley <[email protected]> added the comment:
Something like this perhaps?
--- a/Lib/urllib/request.py Fri May 11 13:11:02 2012 -0400
+++ b/Lib/urllib/request.py Fri May 11 11:03:02 2012 -0700
@@ -135,16 +135,19 @@
_opener = None
def urlopen(url, data=None, timeout=socket._GLOBAL_DEFAULT_TIMEOUT,
- *, cafile=None, capath=None):
+ *, cafile=None, capath=None, cadefault=True):
global _opener
if cafile or capath:
if not _have_ssl:
raise ValueError('SSL support not available')
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
context.options |= ssl.OP_NO_SSLv2
- if cafile or capath:
+ if cafile or capath or cadefault:
context.verify_mode = ssl.CERT_REQUIRED
- context.load_verify_locations(cafile, capath)
+ if cafile or capath:
+ context.load_verify_locations(cafile, capath)
+ else:
+ context.load_default_verify_locations()
check_hostname = True
else:
check_hostname = False
----------
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue14780>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
