pep 476: verify certificates by default (#22417)
diff --git a/Doc/library/httplib.rst b/Doc/library/httplib.rst
index 23b0e64..b659fd0 100644
--- a/Doc/library/httplib.rst
+++ b/Doc/library/httplib.rst
@@ -90,9 +90,6 @@
server's certificate. If you want to change that behaviour, you can
explicitly set *check_hostname* to False.
- .. warning::
- This does not do any verification of the server's certificate.
-
.. versionadded:: 2.0
.. versionchanged:: 2.6
@@ -104,6 +101,11 @@
.. versionchanged:: 2.7.9
*context* and *check_hostname* was added.
+ This class now performs all the necessary certificate and hostname checks
+ by default. To revert to the previous, unverified, behavior
+ :func:`ssl._create_unverified_context` can be passed to the *context*
+ parameter.
+
.. class:: HTTPResponse(sock, debuglevel=0, strict=0)
diff --git a/Doc/library/xmlrpclib.rst b/Doc/library/xmlrpclib.rst
index 720da39..3aa8be0 100644
--- a/Doc/library/xmlrpclib.rst
+++ b/Doc/library/xmlrpclib.rst
@@ -34,11 +34,10 @@
constructed data. If you need to parse untrusted or unauthenticated data see
:ref:`xml-vulnerabilities`.
-.. warning::
+.. versionchanged:: 2.7.9
- In the case of https URIs, :mod:`xmlrpclib` does not do any verification of
- the server's certificate.
-
+ For https URIs, :mod:`xmlrpclib` now performs all the necessary certificate
+ and hostname checks by default
.. class:: ServerProxy(uri[, transport[, encoding[, verbose[, allow_none[, use_datetime]]]]])