urllib3 does not do certificate verification by default
Bug #1047054 reported by
Jamie Strandboge
on 2012-09-06
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | python-urllib3 (Debian) |
Fix Released
|
Unknown
|
||
| | python-urllib3 (Ubuntu) |
Undecided
|
Unassigned | ||
Bug Description
The following program (based on http://
#!/usr/bin/python
from urllib3 import HTTPSConnectionPool
http_pool = VerifiedHTTPSCo
r = http_pool.
print r.status, r.headers.
r = http_pool.
print r.status, len(r.data)
Changing it to use:
http_pool = HTTPSConnection
Results in urllib3 properly verifying certificates. python-urllib3 should use secure defaults and perform certificate verification unless an application author tells it not to.
Related branches
Jamie Strandboge (jdstrand)
on 2012-09-06
| description: | updated |
| Launchpad Janitor (janitor) wrote : | #1 |
| Changed in python-urllib3 (Ubuntu): | |
| status: | New → Fix Released |
Bug Watch Updater (bug-watch-updater)
on 2012-09-06
| Changed in python-urllib3 (Debian): | |
| status: | Unknown → New |
Bug Watch Updater (bug-watch-updater)
on 2012-09-14
| Changed in python-urllib3 (Debian): | |
| status: | New → Fix Released |
To post a comment you must log in.
This bug was fixed in the package python-urllib3 - 1.3-2ubuntu1
---------------
python-urllib3 (1.3-2ubuntu1) quantal; urgency=low
* debian/
by default (LP: #1047054)
-- Jamie Strandboge <email address hidden> Thu, 06 Sep 2012 16:15:29 -0500