diff options
| author | Jamie Strandboge <jamie@canonical.com> | 2015-10-08 13:19:47 -0700 |
|---|---|---|
| committer | Christopher Baines <mail@cbaines.net> | 2015-12-22 14:20:52 +0000 |
| commit | 3bc2dc494dd62e4a86e625dd3b5cb14880d3d268 (patch) | |
| tree | 6aab28db57138b36e4cc44af3a2485f3f246c12e | |
| parent | ef4ec8903f3642a36635cea16ca54a6ed98b5d54 (diff) | |
| download | python-urllib3-3bc2dc494dd62e4a86e625dd3b5cb14880d3d268.tar python-urllib3-3bc2dc494dd62e4a86e625dd3b5cb14880d3d268.tar.gz | |
require SSL certificate validation by default by using
CERT_REQUIRED and using the system /etc/ssl/certs/ca-certificates.crt
Bug-Ubuntu: https://launchpad.net/bugs/1047054
Bug-Debian: http://bugs.debian.org/686872
Last-Update: 2014-09-01
Patch-Name: 02_require-cert-verification.patch
| -rw-r--r-- | urllib3/connectionpool.py | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/urllib3/connectionpool.py b/urllib3/connectionpool.py index 2204b30..ef60000 100644 --- a/urllib3/connectionpool.py +++ b/urllib3/connectionpool.py @@ -683,6 +683,8 @@ class HTTPSConnectionPool(HTTPConnectionPool): ``ca_cert_dir``, and ``ssl_version`` are only used if :mod:`ssl` is available and are fed into :meth:`urllib3.util.ssl_wrap_socket` to upgrade the connection socket into an SSL socket. + + On Debian, SSL certificate validation is required by default """ scheme = 'https' @@ -692,8 +694,8 @@ class HTTPSConnectionPool(HTTPConnectionPool): strict=False, timeout=Timeout.DEFAULT_TIMEOUT, maxsize=1, block=False, headers=None, retries=None, _proxy=None, _proxy_headers=None, - key_file=None, cert_file=None, cert_reqs=None, - ca_certs=None, ssl_version=None, + key_file=None, cert_file=None, cert_reqs='CERT_REQUIRED', + ca_certs='/etc/ssl/certs/ca-certificates.crt', ssl_version=None, assert_hostname=None, assert_fingerprint=None, ca_cert_dir=None, **conn_kw): |