``urllib2.urlopen`的替换，做证书验证 [英] Drop-in replacement for `urllib2.urlopen` that does cert verification

问题描述

我使用Python的 urllib2.urlopen 与HTTPS服务器通讯，但我现在在文档HTTPS请求[使用 urllib2.urlopen ]不对服务器证书进行任何验证。

I use Python's urllib2.urlopen for talking with HTTPS servers, but I now learned on the documentation that "HTTPS requests [using urllib2.urlopen] do not do any verification of the server’s certificate."

这对我来说是一个大问题，因为它使我的服务器对MITM攻击开放。

This is a big problem for me, because it leaves my servers open to a MITM attack.

我想要一个替换 urllib2。 urlopen ，因此我可以将它与我的代码捆绑，并将所有调用替换为 urllib2.urlopen 调用修改的 urlopen 函数。

I want a drop-in replacement for urllib2.urlopen that does cert-verification, so I could bundle it with my code and replace all calls to urllib2.urlopen with calls to the modified urlopen function.

因为这是一个安全问题，我更喜欢经过测试的安全审计代码，

Because this is a security issue, I much prefer battle-tested security-audited code rather than some random recipe from the internet.

推荐答案

情况改变了，幸运的是。默认情况下，从Python 2.7.9 / 3.4.3启用证书验证。请参见 https://www.python.org/dev/peps/pep-0476/ 了解更多详情。

The situation changed, fortunately. Certificate verification is by default enabled from Python 2.7.9 / 3.4.3 on. See https://www.python.org/dev/peps/pep-0476/ for further details.

这篇关于``urllib2.urlopen`的替换，做证书验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！