Merged revisions 85101 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r85101 | antoine.pitrou | 2010-09-29 13:24:21 +0200 (mer., 29 sept. 2010) | 3 lines
Issue #9983: warn that urllib and httplib don't perform SSL certificate validation.
........
diff --git a/Doc/library/http.client.rst b/Doc/library/http.client.rst
index e719ca6..0f59b9a 100644
--- a/Doc/library/http.client.rst
+++ b/Doc/library/http.client.rst
@@ -48,13 +48,13 @@
.. class:: HTTPSConnection(host, port=None, key_file=None, cert_file=None, strict=None[, timeout])
A subclass of :class:`HTTPConnection` that uses SSL for communication with
- secure servers. Default port is ``443``. *key_file* is the name of a PEM
- formatted file that contains your private key. *cert_file* is a PEM formatted
- certificate chain file.
+ secure servers. Default port is ``443``. *key_file* is the name of a PEM
+ formatted file that contains your private key, and *cert_file* is a PEM
+ formatted certificate chain file; both can be used for authenticating
+ yourself against the server.
- .. note::
-
- This does not do any certificate verification.
+ .. warning::
+ This does not do any verification of the server's certificate.
.. class:: HTTPResponse(sock, debuglevel=0, strict=0, method=None, url=None)
diff --git a/Doc/library/urllib.request.rst b/Doc/library/urllib.request.rst
index 1b90d32..35ea286 100644
--- a/Doc/library/urllib.request.rst
+++ b/Doc/library/urllib.request.rst
@@ -11,6 +11,10 @@
opening URLs (mostly HTTP) in a complex world --- basic and digest
authentication, redirections, cookies and more.
+.. warning:: When opening HTTPS (or FTPS) URLs, it is not attempted to
+ validate the server certificate. Use at your own risk!
+
+
The :mod:`urllib.request` module defines the following functions: