commit de9ac6c2e5b5887e473a24f067942dcf306ed3d3
author Antoine Pitrou <solipsis@pitrou.net> Wed May 16 21:40:01 2012 +0200
committer Antoine Pitrou <solipsis@pitrou.net> Wed May 16 21:40:01 2012 +0200
tree 4116086b6516d72bd6bc228dcb62e0258cb90c18
parent 5d953184a6fae25bf27e769c90b419d9b2aa1af9

Issue #14780: urllib.request.urlopen() now has a `cadefault` argument to use the default certificate store.
Initial patch by James Oakley.

Lib/urllib/request.py

diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py
index 96bb8d7..9cbf8aa 100644
--- a/Lib/urllib/request.py
+++ b/Lib/urllib/request.py
@@ -135,16 +135,19 @@
 
 _opener = None
 def urlopen(url, data=None, timeout=socket._GLOBAL_DEFAULT_TIMEOUT,
-            *, cafile=None, capath=None):
+            *, cafile=None, capath=None, cadefault=False):
     global _opener
-    if cafile or capath:
+    if cafile or capath or cadefault:
         if not _have_ssl:
             raise ValueError('SSL support not available')
         context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
         context.options |= ssl.OP_NO_SSLv2
-        if cafile or capath:
+        if cafile or capath or cadefault:
             context.verify_mode = ssl.CERT_REQUIRED
-            context.load_verify_locations(cafile, capath)
+            if cafile or capath:
+                context.load_verify_locations(cafile, capath)
+            else:
+                context.set_default_verify_paths()
             check_hostname = True
         else:
             check_hostname = False