aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJamie Strandboge <jamie@canonical.com>2015-10-08 13:19:47 -0700
committerDaniele Tricoli <eriol@mornie.org>2015-10-10 03:15:33 +0200
commit9e59bf6b30776302e6ccd960331a91d073f6a0c3 (patch)
tree6e9978d71db523d8ceeb435b8c11ec971a5d4750
parent4e097b776bf499a02b262c722487fcd55c2ee379 (diff)
downloadpython-urllib3-9e59bf6b30776302e6ccd960331a91d073f6a0c3.tar
python-urllib3-9e59bf6b30776302e6ccd960331a91d073f6a0c3.tar.gz
require SSL certificate validation by default by using
CERT_REQUIRED and using the system /etc/ssl/certs/ca-certificates.crt Bug-Ubuntu: https://launchpad.net/bugs/1047054 Bug-Debian: http://bugs.debian.org/686872 Last-Update: 2014-09-01 Patch-Name: 02_require-cert-verification.patch
-rw-r--r--urllib3/connectionpool.py6
1 files changed, 4 insertions, 2 deletions
diff --git a/urllib3/connectionpool.py b/urllib3/connectionpool.py
index 563f108..a99d4ec 100644
--- a/urllib3/connectionpool.py
+++ b/urllib3/connectionpool.py
@@ -681,6 +681,8 @@ class HTTPSConnectionPool(HTTPConnectionPool):
``ca_cert_dir``, and ``ssl_version`` are only used if :mod:`ssl` is
available and are fed into :meth:`urllib3.util.ssl_wrap_socket` to upgrade
the connection socket into an SSL socket.
+
+ On Debian, SSL certificate validation is required by default
"""
scheme = 'https'
@@ -690,8 +692,8 @@ class HTTPSConnectionPool(HTTPConnectionPool):
strict=False, timeout=Timeout.DEFAULT_TIMEOUT, maxsize=1,
block=False, headers=None, retries=None,
_proxy=None, _proxy_headers=None,
- key_file=None, cert_file=None, cert_reqs=None,
- ca_certs=None, ssl_version=None,
+ key_file=None, cert_file=None, cert_reqs='CERT_REQUIRED',
+ ca_certs='/etc/ssl/certs/ca-certificates.crt', ssl_version=None,
assert_hostname=None, assert_fingerprint=None,
ca_cert_dir=None, **conn_kw):