require SSL certificate validation by default by using

 CERT_REQUIRED and using the system /etc/ssl/certs/ca-certificates.crt
Bug-Ubuntu: https://launchpad.net/bugs/1047054
Bug-Debian: http://bugs.debian.org/686872
Last-Update: 2014-09-01

Patch-Name: 02_require-cert-verification.patch

1 files changed, 4 insertions, 2 deletions

diff --git a/urllib3/connectionpool.py b/urllib3/connectionpool.py
index 0750e24..fe2f546 100644
--- a/urllib3/connectionpool.py
+++ b/urllib3/connectionpool.py
@@ -679,6 +679,8 @@ class HTTPSConnectionPool(HTTPConnectionPool):
     ``ssl_version`` are only used if :mod:`ssl` is available and are fed into
     :meth:`urllib3.util.ssl_wrap_socket` to upgrade the connection socket
     into an SSL socket.
+
+    On Debian, SSL certificate validation is required by default
     """
 
     scheme = 'https'
@@ -688,8 +690,8 @@ class HTTPSConnectionPool(HTTPConnectionPool):
                  strict=False, timeout=Timeout.DEFAULT_TIMEOUT, maxsize=1,
                  block=False, headers=None, retries=None,
                  _proxy=None, _proxy_headers=None,
-                 key_file=None, cert_file=None, cert_reqs=None,
-                 ca_certs=None, ssl_version=None,
+                 key_file=None, cert_file=None, cert_reqs='CERT_REQUIRED',
+                 ca_certs='/etc/ssl/certs/ca-certificates.crt', ssl_version=None,
                  assert_hostname=None, assert_fingerprint=None,
                  **conn_kw):