summaryrefslogtreecommitdiffstats
path: root/Doc/library/http.client.rst
diff options
context:
space:
mode:
Diffstat (limited to 'Doc/library/http.client.rst')
-rw-r--r--Doc/library/http.client.rst30
1 files changed, 21 insertions, 9 deletions
diff --git a/Doc/library/http.client.rst b/Doc/library/http.client.rst
index 6c96731..90e16a7 100644
--- a/Doc/library/http.client.rst
+++ b/Doc/library/http.client.rst
@@ -50,19 +50,31 @@ The module provides the following classes:
*source_address* was added.
-.. class:: HTTPSConnection(host, port=None, key_file=None, cert_file=None, strict=None[, timeout[, source_address]])
+.. class:: HTTPSConnection(host, port=None, key_file=None, cert_file=None, strict=None[, timeout[, source_address]], *, context=None, check_hostname=None)
A subclass of :class:`HTTPConnection` that uses SSL for communication with
- secure servers. Default port is ``443``. *key_file* is the name of a PEM
- formatted file that contains your private key, and *cert_file* is a PEM
- formatted certificate chain file; both can be used for authenticating
- yourself against the server.
-
- .. warning::
- This does not do any verification of the server's certificate.
+ secure servers. Default port is ``443``. If *context* is specified, it
+ must be a :class:`ssl.SSLContext` instance describing the various SSL
+ options. If *context* is specified and has a :attr:`~ssl.SSLContext.verify_mode`
+ of either :data:`~ssl.CERT_OPTIONAL` or :data:`~ssl.CERT_REQUIRED`, then
+ by default *host* is matched against the host name(s) allowed by the
+ server's certificate. If you want to change that behaviour, you can
+ explicitly set *check_hostname* to False.
+
+ *key_file* and *cert_file* are deprecated, please use
+ :meth:`ssl.SSLContext.load_cert_chain` instead.
+
+ If you access arbitrary hosts on the Internet, it is recommended to
+ require certificate checking and feed the *context* with a set of
+ trusted CA certificates::
+
+ context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+ context.verify_mode = ssl.CERT_REQUIRED
+ context.load_verify_locations('/etc/pki/tls/certs/ca-bundle.crt')
+ h = client.HTTPSConnection('svn.python.org', 443, context=context)
.. versionchanged:: 3.2
- *source_address* was added.
+ *source_address*, *context* and *check_hostname* were added.
.. class:: HTTPResponse(sock, debuglevel=0, strict=0, method=None, url=None)
generated by cgit v0.12 at 2024-11-12 10:03:27 (GMT)