I use Python's urllib2.urlopen
for talking with HTTPS servers, but I now learned on the documentation that "HTTPS requests [using urllib2.urlopen
] do not do any verification of the server’s certificate."
This is a big problem for me, because it leaves my servers open to a MITM attack.
I want a drop-in replacement for urllib2.urlopen
that does cert-verification, so I could bundle it with my code and replace all calls to urllib2.urlopen
with calls to the modified urlopen
function.
Because this is a security issue, I much prefer battle-tested security-audited code rather than some random recipe from the internet.
urllib2_ssl.py
allows you to enable cert verification forurllib2.urlopen()
– Backbite