commit 4ffb0752710f0c0720d4f2af0c4b7ce1ebb9d2bd
author Benjamin Peterson <benjamin@python.org> Mon Nov 03 14:29:33 2014 -0500
committer Benjamin Peterson <benjamin@python.org> Mon Nov 03 14:29:33 2014 -0500
tree 5082a5a3f18e25c9f0c7ede2717f7170e11b722f
parent 8cf7c1cff0f1176387118826fffdf1c517405f3a

PEP 476: enable HTTPS certificate verification by default (#22417)

Patch by Alex Gaynor with some modifications by me.

Lib/ssl.py

diff --git a/Lib/ssl.py b/Lib/ssl.py
index e2636ef..b6e6f16 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -441,8 +441,7 @@
         context.load_default_certs(purpose)
     return context
 
-
-def _create_stdlib_context(protocol=PROTOCOL_SSLv23, *, cert_reqs=None,
+def _create_unverified_context(protocol=PROTOCOL_SSLv23, *, cert_reqs=None,
                            check_hostname=False, purpose=Purpose.SERVER_AUTH,
                            certfile=None, keyfile=None,
                            cafile=None, capath=None, cadata=None):
@@ -480,6 +479,14 @@
 
     return context
 
+# Used by http.client if no context is explicitly passed.
+_create_default_https_context = create_default_context
+
+
+# Backwards compatibility alias, even though it's not a public name.
+_create_stdlib_context = _create_unverified_context
+
+
 class SSLSocket(socket):
     """This class implements a subtype of socket.socket that wraps
     the underlying OS socket in an SSL context when necessary, and