Issue #19508: warn that ssl doesn't validate certificates by default

author: Antoine Pitrou <solipsis@pitrou.net> 2013-11-17 14:42:58 (GMT)
committer: Antoine Pitrou <solipsis@pitrou.net> 2013-11-17 14:42:58 (GMT)
commit: f7a52475a5f666f7655df4d46f8522e0c5bdc890 (patch)
tree: de4d45ffe1d6e2432820ff7d486a1470c639f7f6
parent: be1d3c1818840626c2d5a4f8e29a32c777537681 (diff)
download: cpython-f7a52475a5f666f7655df4d46f8522e0c5bdc890.zip
cpython-f7a52475a5f666f7655df4d46f8522e0c5bdc890.tar.gz
cpython-f7a52475a5f666f7655df4d46f8522e0c5bdc890.tar.bz2
1 files changed, 4 insertions, 0 deletions
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index 898e7d2..fe653b4 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -31,6 +31,10 @@ probably additional platforms, as long as OpenSSL is installed on that platform.
    cause variations in behavior.
 
 .. warning::
+   The ssl module won't validate certificates by default.  When used in
+   client mode, this means you are vulnerable to man-in-the-middle attacks.
+
+.. warning::
 
    OpenSSL's internal random number generator does not properly handle fork.
    Applications must change the PRNG state of the parent process if they use
author	Antoine Pitrou <solipsis@pitrou.net>	2013-11-17 14:42:58 (GMT)
committer	Antoine Pitrou <solipsis@pitrou.net>	2013-11-17 14:42:58 (GMT)
commit	f7a52475a5f666f7655df4d46f8522e0c5bdc890 (patch)
tree	de4d45ffe1d6e2432820ff7d486a1470c639f7f6
parent	be1d3c1818840626c2d5a4f8e29a32c777537681 (diff)
download	cpython-f7a52475a5f666f7655df4d46f8522e0c5bdc890.zip cpython-f7a52475a5f666f7655df4d46f8522e0c5bdc890.tar.gz cpython-f7a52475a5f666f7655df4d46f8522e0c5bdc890.tar.bz2