From e720aa3dea81bf5c30d9a897f9cbae18bf6a4228 Mon Sep 17 00:00:00 2001
From: Daniele Tricoli
Date: Thu, 8 Oct 2015 13:19:46 -0700
Subject: Do not use embedded copy of python-six.
Forwarded: not-needed
Last-Update: 2015-05-03
Patch-Name: 01_do-not-use-embedded-python-six.patch
---
 urllib3/connectionpool.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'urllib3/connectionpool.py')
diff --git a/urllib3/connectionpool.py b/urllib3/connectionpool.py
index c958725..0750e24 100644
--- a/urllib3/connectionpool.py
+++ b/urllib3/connectionpool.py
@@ -28,7 +28,7 @@ from .exceptions import (
 InsecureRequestWarning,
 )
 from .packages.ssl_match_hostname import CertificateError
-from .packages import six
+import six
 from .connection import (
 port_by_scheme,
 DummyConnection,
-- 
cgit v1.2.3
From 9cd0feeb36e835dbc9f394befd32e02ec1ce6841 Mon Sep 17 00:00:00 2001
From: Jamie Strandboge
Date: Thu, 8 Oct 2015 13:19:47 -0700
Subject: require SSL certificate validation by default by using CERT_REQUIRED and using the system /etc/ssl/certs/ca-certificates.crt
Bug-Ubuntu: https://launchpad.net/bugs/1047054
Bug-Debian: http://bugs.debian.org/686872
Last-Update: 2014-09-01
Patch-Name: 02_require-cert-verification.patch
---
 urllib3/connectionpool.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'urllib3/connectionpool.py')
diff --git a/urllib3/connectionpool.py b/urllib3/connectionpool.py
index 0750e24..fe2f546 100644
--- a/urllib3/connectionpool.py
+++ b/urllib3/connectionpool.py
@@ -679,6 +679,8 @@ class HTTPSConnectionPool(HTTPConnectionPool):
 ``ssl_version`` are only used if :mod:`ssl` is available and are fed into :meth:`urllib3.util.ssl_wrap_socket` to upgrade the connection socket into an SSL socket.
+
+ On Debian, SSL certificate validation is required by default
 """ scheme = 'https'
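Review bot: The sentence added to the `HTTPSConnectionPool` docstring says validation is "required by default" but names neither the arguments that carry the default nor the trust store used, so a reader cannot tell how to verify against a private CA. I would extend it to something like `On Debian, cert_reqs defaults to 'CERT_REQUIRED' and ca_certs to /etc/ssl/certs/ca-certificates.crt; pass ca_certs to verify against a different bundle.` The class docstring begins above this hunk, so the wording should be checked against the part that is not visible here.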
@@ -688,8 +690,8 @@ class HTTPSConnectionPool(HTTPConnectionPool):
 strict=False, timeout=Timeout.DEFAULT_TIMEOUT, maxsize=1, block=False, headers=None, retries=None, _proxy=None, _proxy_headers=None,
- key_file=None, cert_file=None, cert_reqs=None,
- ca_certs=None, ssl_version=None,
+ key_file=None, cert_file=None, cert_reqs='CERT_REQUIRED',
+ ca_certs='/etc/ssl/certs/ca-certificates.crt', ssl_version=None,
 assert_hostname=None, assert_fingerprint=None, **conn_kw):
-- 
cgit v1.2.3
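Review bot: The new defaults in the `__init__` signature only apply when a caller omits the arguments, so a wrapper that forwards `cert_reqs=None` or `ca_certs=None` explicitly still bypasses them; how `None` is resolved is decided in code outside this hunk. Consider normalising in the constructor body, e.g. `if cert_reqs is None: cert_reqs = 'CERT_REQUIRED'`, so verification stays on unless a caller asks for `'CERT_NONE'` by name. The bundle path `/etc/ssl/certs/ca-certificates.crt` is also hard-coded: on a system without that file, connections will presumably fail at handshake time with a generic SSL error. A package dependency on the CA bundle, or an explicit error naming the missing file, would make that failure diagnosable. The constructor body is not visible here, so both points need checking against it.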