diff options
author | Benjamin Peterson <benjamin@python.org> | 2014-12-07 18:18:25 (GMT) |
---|---|---|
committer | Benjamin Peterson <benjamin@python.org> | 2014-12-07 18:18:25 (GMT) |
commit | a090f01bb63d73382e6e65b0364047c50afae5c2 (patch) | |
tree | 7d51bda9c589d72eeada9f24e2fd20acc965a4e5 /Doc | |
parent | b92fd01189c74c76a70ecf24d723d2f5c0ffc5b9 (diff) | |
download | cpython-a090f01bb63d73382e6e65b0364047c50afae5c2.zip cpython-a090f01bb63d73382e6e65b0364047c50afae5c2.tar.gz cpython-a090f01bb63d73382e6e65b0364047c50afae5c2.tar.bz2 |
HTTPSConnection: prefer the context's check_hostname attribute over the constructor parameter (#22959)
Diffstat (limited to 'Doc')
-rw-r--r-- | Doc/library/http.client.rst | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/Doc/library/http.client.rst b/Doc/library/http.client.rst index 35b9355..94f7b13 100644 --- a/Doc/library/http.client.rst +++ b/Doc/library/http.client.rst @@ -69,17 +69,12 @@ The module provides the following classes: *key_file* and *cert_file* are deprecated, please use :meth:`ssl.SSLContext.load_cert_chain` instead, or let :func:`ssl.create_default_context` select the system's trusted CA - certificates for you. + certificates for you. The *check_hostname* parameter is also deprecated; the + :attr:`SSLContext.check_hostname` attribute of *context* should be used + instead. Please read :ref:`ssl-security` for more information on best practices. - .. note:: - If *context* is specified and has a :attr:`~ssl.SSLContext.verify_mode` - of either :data:`~ssl.CERT_OPTIONAL` or :data:`~ssl.CERT_REQUIRED`, then - by default *host* is matched against the host name(s) allowed by the - server's certificate. If you want to change that behaviour, you can - explicitly set *check_hostname* to False. - .. versionchanged:: 3.2 *source_address*, *context* and *check_hostname* were added. |