Re: [Python-Dev] Proposed schedule for 3.4.2

Mon, 08 Sep 2014 15:33:08 -0700 

> On Sep 8, 2014, at 6:20 PM, Nick Coghlan <[email protected]> wrote:
> 
> 
> On 9 Sep 2014 04:00, "Barry Warsaw" <[email protected] 
> <mailto:[email protected]>> wrote:
> > >
> > >This would need to be updated first, once it *did* take such an argument,
> > >this would be accomplished by:
> > >
> > >context = ssl.create_default_context()
> > >context.verify_mode = CERT_OPTIONACERT_NONE
> > >context.verify_hostname = False
> > >urllib.request.urlopen("https://something-i-apparently-dont-care-much-about
> > > <https://something-i-apparently-dont-care-much-about/>",
> > >context=context)
> >
> > There's probably an ugly hack possibility that uses unittest.mock.patch. ;)
> 
> We could actually make it an "official" hack:
> 
>     import urllib.request
>     urllib.request.urlopen = urllib.request._unverified_urlopen
> 
> Or else the user can just change the code to call the unverified one directly.
> 
> All we'd have to do is keep the existing version that doesn't validate certs 
> properly around under the name "_unverified_urlopen".
> 
> I like this for a few reasons:
> 
> 1. It doesn't get much easier than calling function A instead of function B
> 2. Monkeypatching lets you do a process global hack 
> 3. The name tells you exactly why this is a bad idea
> 4. It's easy to grep for later after you fix your certs
> 5. The leading underscore acts as a strong "keep away" signal
> 6. The leading underscore makes it clear this function may not always be 
> available (e.g. Jython, older versions of Python)
> 
> 

If someone wants to do this, can’t they write their own 6 line function? 

import ssl
import urllib.request
_real_urlopen = urllib.request.urlopen
def _unverified(*args, **kwargs):
    if not kwargs.keys() & {“context”, “cafile”, “capath”, “cadefault”}:
        ctx = ssl.create_default_context()
        ctx.verify_mode = CERT_NONE
        ctx.verify_hostname = False
        kwargs[“context”] = ctx
    return _real_urlopen(*args, **kwargs)

---
Donald Stufft
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA


_______________________________________________
Python-Dev mailing list
[email protected]
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Reply via email to