#38232 closed defect (bug) (fixed)
Setting `sslverify` to false still validates the hostname
Reported by: | dd32 | Owned by: | dd32 |
---|---|---|---|
Milestone: | 4.7.1 | Priority: | normal |
Severity: | normal | Version: | |
Component: | HTTP API | Keywords: | |
Focuses: | Cc: |
Description
Under 4.5.x when you set sslverify
to false
it'd make a HTTPS connection and ignore the validity of the certificate presented.
Under 4.6/4.6.1 it still ignores the validity, but verifies that the SSL matches the domain (ie. example.com
cert would be rejected for a example.net
request).
This was fixed upstream in https://github.com/rmccue/Requests/pull/239
Change History (5)
Note: See
TracTickets for help on using
tickets.
In 38727: