diff options
| author | Benjamin Peterson <benjamin@python.org> | 2014-12-07 13:18:25 -0500 |
|---|---|---|
| committer | Benjamin Peterson <benjamin@python.org> | 2014-12-07 13:18:25 -0500 |
| commit | 33ddfca80b6d9db38222f87511b6e5699cc10870 (patch) | |
| tree | b971bbcb44131c190728a9c8a57ed29fb0de5b81 /Doc/library/http.client.rst | |
| parent | 56a97a93bddb879711a239b8f174bba951b55fe4 (diff) | |
| download | cpython-33ddfca80b6d9db38222f87511b6e5699cc10870.tar.gz | |
HTTPSConnection: prefer the context's check_hostname attribute over the constructor parameter (#22959)
Diffstat (limited to 'Doc/library/http.client.rst')
| -rw-r--r-- | Doc/library/http.client.rst | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/Doc/library/http.client.rst b/Doc/library/http.client.rst index 35b9355ef4..94f7b139b0 100644 --- a/Doc/library/http.client.rst +++ b/Doc/library/http.client.rst @@ -69,17 +69,12 @@ The module provides the following classes: *key_file* and *cert_file* are deprecated, please use :meth:`ssl.SSLContext.load_cert_chain` instead, or let :func:`ssl.create_default_context` select the system's trusted CA - certificates for you. + certificates for you. The *check_hostname* parameter is also deprecated; the + :attr:`SSLContext.check_hostname` attribute of *context* should be used + instead. Please read :ref:`ssl-security` for more information on best practices. - .. note:: - If *context* is specified and has a :attr:`~ssl.SSLContext.verify_mode` - of either :data:`~ssl.CERT_OPTIONAL` or :data:`~ssl.CERT_REQUIRED`, then - by default *host* is matched against the host name(s) allowed by the - server's certificate. If you want to change that behaviour, you can - explicitly set *check_hostname* to False. - .. versionchanged:: 3.2 *source_address*, *context* and *check_hostname* were added. |