Skip to content

Create create_unverified_context.py#3

Open
ericwb wants to merge 2 commits intomainfrom
ericwb-patch-2
Open

Create create_unverified_context.py#3
ericwb wants to merge 2 commits intomainfrom
ericwb-patch-2

Conversation

@ericwb
Copy link
Contributor

@ericwb ericwb commented Mar 11, 2024

No description provided.

@ericwb
Create create_unverified_context.py
e643de8 
Signed-off-by: Eric Brown <ericwb@users.noreply.github.com>
github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 11, 2024
View reviewed changes
python/stdlib/create_unverified_context.py
import ssl


context = ssl._create_unverified_context()

Check warning

Code scanning / Precaution

Improper Certificate Validation Using ssl._create_unverified_context

The 'ssl._create_unverified_context' function does not properly validate certificates.
@ericwb
Copy link
Contributor Author

ericwb commented Apr 20, 2024
edited
Loading

Tip

This pull request has had no activity in 2 weeks. Would you like to schedule an interactive session with the reviewers?

Screenshot 2024-04-19 at 9 37 07 PM

Can also show an image based on whether in light or dark mode:
https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#specifying-the-theme-an-image-is-shown-to

github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 7, 2026
View reviewed changes
python/stdlib/create_unverified_context.py
import ssl


context = ssl._create_unverified_context()

Check warning

Code scanning / Bandit

By default, Python will create a secure, verified ssl context for use in such classes as HTTPSConnection. However, it still allows using an insecure context via the _create_unverified_context that reverts to the previous behavior that does not validate certificates or perform hostname checks. Warning

By default, Python will create a secure, verified ssl context for use in such classes as HTTPSConnection. However, it still allows using an insecure context via the _create_unverified_context that reverts to the previous behavior that does not validate certificates or perform hostname checks.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ericwb