> On Sep 8, 2014, at 6:20 PM, Nick Coghlan <ncogh...@gmail.com> wrote: > > > On 9 Sep 2014 04:00, "Barry Warsaw" <ba...@python.org > <mailto:ba...@python.org>> wrote: > > > > > >This would need to be updated first, once it *did* take such an argument, > > >this would be accomplished by: > > > > > >context = ssl.create_default_context() > > >context.verify_mode = CERT_OPTIONACERT_NONE > > >context.verify_hostname = False > > >urllib.request.urlopen("https://something-i-apparently-dont-care-much-about > > > <https://something-i-apparently-dont-care-much-about/>", > > >context=context) > > > > There's probably an ugly hack possibility that uses unittest.mock.patch. ;) > > We could actually make it an "official" hack: > > import urllib.request > urllib.request.urlopen = urllib.request._unverified_urlopen > > Or else the user can just change the code to call the unverified one directly. > > All we'd have to do is keep the existing version that doesn't validate certs > properly around under the name "_unverified_urlopen". > > I like this for a few reasons: > > 1. It doesn't get much easier than calling function A instead of function B > 2. Monkeypatching lets you do a process global hack > 3. The name tells you exactly why this is a bad idea > 4. It's easy to grep for later after you fix your certs > 5. The leading underscore acts as a strong "keep away" signal > 6. The leading underscore makes it clear this function may not always be > available (e.g. Jython, older versions of Python) > >
If someone wants to do this, can’t they write their own 6 line function? import ssl import urllib.request _real_urlopen = urllib.request.urlopen def _unverified(*args, **kwargs): if not kwargs.keys() & {“context”, “cafile”, “capath”, “cadefault”}: ctx = ssl.create_default_context() ctx.verify_mode = CERT_NONE ctx.verify_hostname = False kwargs[“context”] = ctx return _real_urlopen(*args, **kwargs) --- Donald Stufft PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
_______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com