HTTPSConnection: prefer the context's check_hostname attribute over the constructor parameter (#22959)

Benjamin Peterson 2014-12-07 13:18:25 -05:00
parent b92fd01189
commit a090f01bb6
4 changed files with 22 additions and 10 deletions

@ -69,17 +69,12 @@ The module provides the following classes:
*key_file* and *cert_file* are deprecated, please use
:meth:`ssl.SSLContext.load_cert_chain` instead, or let
:func:`ssl.create_default_context` select the system's trusted CA
certificates for you.
certificates for you. The *check_hostname* parameter is also deprecated; the
:attr:`SSLContext.check_hostname` attribute of *context* should be used
instead.
Please read :ref:`ssl-security` for more information on best practices.
.. note::
If *context* is specified and has a :attr:`~ssl.SSLContext.verify_mode`
of either :data:`~ssl.CERT_OPTIONAL` or :data:`~ssl.CERT_REQUIRED`, then
by default *host* is matched against the host name(s) allowed by the
server's certificate. If you want to change that behaviour, you can
explicitly set *check_hostname* to False.
.. versionchanged:: 3.2
*source_address*, *context* and *check_hostname* were added.
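
Review bot: the new sentence deprecating *check_hostname* (the one following "certificates for you.") does not say which setting takes effect when a caller passes both *context* and *check_hostname*, even though the commit title says the context's attribute is preferred; state that precedence explicitly so callers who still pass check_hostname=False know it may no longer disable hostname matching. The deprecation also has no version marker: the only one visible in this hunk is ".. versionchanged:: 3.2", which records the parameter being added, so a ".. deprecated::" entry naming the release would help. The reference is written as :attr:`SSLContext.check_hostname`, while the note in the same hunk uses the :attr:`~ssl.SSLContext.verify_mode` form; spelling it ssl.SSLContext.check_hostname keeps the cross-reference resolvable from this module's page. If the note on matching *host* against the server's certificate is being dropped here, point readers to where the default hostname-checking behaviour is now described.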