``urllib2.urlopen`的替换,做证书验证 [英] Drop-in replacement for `urllib2.urlopen` that does cert verification
问题描述
我使用Python的 urllib2.urlopen
与HTTPS服务器通讯,但我现在在文档HTTPS请求[使用 urllib2.urlopen
]不对服务器证书进行任何验证。
I use Python's urllib2.urlopen
for talking with HTTPS servers, but I now learned on the documentation that "HTTPS requests [using urllib2.urlopen
] do not do any verification of the server’s certificate."
这对我来说是一个大问题,因为它使我的服务器对MITM攻击开放。
This is a big problem for me, because it leaves my servers open to a MITM attack.
我想要一个替换 urllib2。 urlopen
,因此我可以将它与我的代码捆绑,并将所有调用替换为 urllib2.urlopen
调用修改的 urlopen
函数。
I want a drop-in replacement for urllib2.urlopen
that does cert-verification, so I could bundle it with my code and replace all calls to urllib2.urlopen
with calls to the modified urlopen
function.
因为这是一个安全问题,我更喜欢经过测试的安全审计代码,
Because this is a security issue, I much prefer battle-tested security-audited code rather than some random recipe from the internet.
推荐答案
情况改变了,幸运的是。默认情况下,从Python 2.7.9 / 3.4.3启用证书验证。请参见 https://www.python.org/dev/peps/pep-0476/ 了解更多详情。
The situation changed, fortunately. Certificate verification is by default enabled from Python 2.7.9 / 3.4.3 on. See https://www.python.org/dev/peps/pep-0476/ for further details.
这篇关于``urllib2.urlopen`的替换,做证书验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!