urllib3 does not do certificate verification by default
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| python-urllib3 (Debian) | Fix Released | Unknown | | |
| python-urllib3 (Ubuntu) | | Undecided | Unassigned | |
Bug Description
The following program (based on http://
#!/usr/bin/python
from urllib3 import HTTPSConnectionPool
http_pool = VerifiedHTTPSCo
r = http_pool.
print r.status, r.headers.
r = http_pool.
print r.status, len(r.data)
Changing it to use:
http_pool = HTTPSConnection
Results in urllib3 properly verifying certificates. python-urllib3 should use secure defaults and perform certificate verification unless an application author tells it not to.
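A configuration check for the issue described above, as an added example that is not part of the original report or of urllib3's own code. `cert_reqs`, `ca_certs` and `assert_hostname` are urllib3 pool parameters; the helper names and the host `example.invalid` are constructed for illustration.

```python
import ssl
import urllib3


def resolve_mode(cert_reqs):
    """Normalise cert_reqs (None, a name string or an ssl constant) to ssl.VerifyMode."""
    if cert_reqs is None:
        return None
    if isinstance(cert_reqs, str):
        name = cert_reqs if cert_reqs.startswith("CERT_") else "CERT_" + cert_reqs
        return ssl.VerifyMode[name]
    return ssl.VerifyMode(cert_reqs)


def audit_pool(pool):
    """Return findings for an HTTPSConnectionPool. An empty list means the pool
    requires certificates itself instead of inheriting a library default."""
    findings = []
    mode = resolve_mode(pool.cert_reqs)
    if mode is None:
        findings.append("cert_reqs unset: behaviour depends on the installed urllib3 default")
    elif mode != ssl.CERT_REQUIRED:
        findings.append("cert_reqs=%s: peer certificate is not required" % mode.name)
    if getattr(pool, "assert_hostname", None) is False:
        findings.append("assert_hostname=False: hostname check disabled")
    return findings


def explicit_pool(host, port=443, ca_certs=None):
    """Pool that requires a valid certificate regardless of library defaults.
    ca_certs is the path to a CA bundle; which bundle to use is deployment-specific."""
    return urllib3.HTTPSConnectionPool(
        host, port, cert_reqs="CERT_REQUIRED", ca_certs=ca_certs
    )


# Constructed sample pools; building a pool opens no network connection.
DEFAULTED = urllib3.HTTPSConnectionPool("example.invalid", 443)
DISABLED = urllib3.HTTPSConnectionPool(
    "example.invalid", 443, cert_reqs="CERT_NONE", assert_hostname=False
)
EXPLICIT = explicit_pool("example.invalid")

if __name__ == "__main__":
    for label, pool in [("defaulted", DEFAULTED), ("disabled", DISABLED), ("explicit", EXPLICIT)]:
        print(label, audit_pool(pool) or "ok")
```

A pool that leaves `cert_reqs` unset is flagged because its behaviour is only as safe as the default of whichever urllib3 version is installed, which is the gap this bug describes.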
Changed in python-urllib3 (Ubuntu): status: New → Fix Released
Changed in python-urllib3 (Debian): status: Unknown → New
Changed in python-urllib3 (Debian): status: New → Fix Released
Launchpad Janitor (janitor) wrote (#1):
This bug was fixed in the package python-urllib3 - 1.3-2ubuntu1
---------------
python-urllib3 (1.3-2ubuntu1) quantal; urgency=low
* debian/patches/02_require-cert-verification.patch: verify SSL certificates
by default (LP: #1047054)
-- Jamie Strandboge <email address hidden> Thu, 06 Sep 2012 16:15:29 -0500