From c9df3d807f7134f58f4a84dc8b80e9dc98c62f3a Mon Sep 17 00:00:00 2001 From: SVN-Git Migration Date: Thu, 8 Oct 2015 13:19:42 -0700 Subject: Imported Upstream version 1.10.4 --- docs/security.rst | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) (limited to 'docs/security.rst') diff --git a/docs/security.rst b/docs/security.rst index 0566737..881730e 100644 --- a/docs/security.rst +++ b/docs/security.rst @@ -111,6 +111,8 @@ Once you find your root certificate file:: ... +.. _pyopenssl: + OpenSSL / PyOpenSSL ------------------- @@ -137,12 +139,14 @@ Now you can continue using urllib3 as you normally would. For more details, check the :mod:`~urllib3.contrib.pyopenssl` module. +.. _insecurerequestwarning: + InsecureRequestWarning ---------------------- .. versionadded:: 1.9 -Unverified HTTPS requests will trigger a warning:: +Unverified HTTPS requests will trigger a warning via Python's ``warnings`` module:: urllib3/connectionpool.py:736: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. 
@@ -158,3 +162,30 @@ you can use :func:`~urllib3.disable_warnings`:: urllib3.disable_warnings() Making unverified HTTPS requests is strongly discouraged. ˙ ͜ʟ˙ + +Alternatively, if you are using Python's ``logging`` module, you can capture the +warnings to your own log:: + + logging.captureWarnings(True) + +Capturing the warnings to your own log is much preferred over simply disabling +the warnings. + +InsecurePlatformWarning +----------------------- + +.. versionadded:: 1.11 + +Certain Python platforms (specifically, versions of Python earlier than 2.7.9) +have restrictions in their ``ssl`` module that limit the configuration that +``urllib3`` can apply. In particular, this can cause HTTPS requests that would +succeed on more featureful platforms to fail, and can cause certain security +features to be unavailable. + +If you encounter this warning, it is strongly recommended you upgrade to a +newer Python version, or that you use pyOpenSSL as described in the +:ref:`pyopenssl` section. + +If you know what you are doing and would like to disable this and other +warnings, please consult the :ref:`insecurerequestwarning` section for +instructions on how to handle the warnings. -- cgit v1.2.3
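Review bot: In the last hunk (@@ -158,3 +162,30 @@), the new InsecurePlatformWarning section carries `.. versionadded:: 1.11`, but the commit subject says this import is upstream version 1.10.4, so the docs date the warning to a release later than the one being shipped. Confirm which release first emits the warning and set the directive to match, otherwise users of this version will read the section as not applying to them. In the same hunk, `logging.captureWarnings(True)` is recommended over disabling warnings, but the text does not say where the records go. Captured warnings are sent to the `py.warnings` logger at WARNING level, and on Python 2 they are discarded if the application has not configured a handler. Adding `import logging` to the snippet and a sentence naming that logger would make the preferred path safe to copy. The new section also has no `.. _insecureplatformwarning:` label, unlike the two sections that gain labels earlier in this patch.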