PEP 476: enable HTTPS certificate verification by default (#22417)

Patch by Alex Gaynor with some modifications by me.
2025-11-25 04:34:37 +00:00 · 2014-11-03 14:29:33 -05:00 · 2014-11-03 14:29:33 -05:00 · 4ffb075271
commit 4ffb075271
parent 8cf7c1cff0
11 changed files with 116 additions and 69 deletions
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@ -441,8 +441,7 @@ def create_default_context(purpose=Purpose.SERVER_AUTH, *, cafile=None,
        context.load_default_certs(purpose)
    return context

-
-def _create_stdlib_context(protocol=PROTOCOL_SSLv23, *, cert_reqs=None,
+def _create_unverified_context(protocol=PROTOCOL_SSLv23, *, cert_reqs=None,
                           check_hostname=False, purpose=Purpose.SERVER_AUTH,
                           certfile=None, keyfile=None,
                           cafile=None, capath=None, cadata=None):
@ -480,6 +479,14 @@ def _create_stdlib_context(protocol=PROTOCOL_SSLv23, *, cert_reqs=None,

    return context

+# Used by http.client if no context is explicitly passed.
+_create_default_https_context = create_default_context
+
+
+# Backwards compatibility alias, even though it's not a public name.
+_create_stdlib_context = _create_unverified_context
+
+
 class SSLSocket(socket):
    """This class implements a subtype of socket.socket that wraps
    the underlying OS socket in an SSL context when necessary, and