search

aio-libs / aiohttp

Asynchronous HTTP client/server framework for asyncio and Python
https://docs.aiohttp.org
Other
14.79k stars 1.97k forks source link

Confusing/wrong documentation for ssl #3722

Open blueyed opened 5 years ago

blueyed commented 5 years ago

The doc for TCPConnector still mentions verify_ssl: https://github.com/aio-libs/aiohttp/blob/9504fe2affaaff673fa4f3754c1c44221f8ba47d/aiohttp/connector.py#L688-L695

The internal documentation for _get_ssl_context still refers to the removed verify_ssl: https://github.com/aio-libs/aiohttp/blob/9504fe2affaaff673fa4f3754c1c44221f8ba47d/aiohttp/connector.py#L871-L884

(it is also used in one example still)

However, the main issue is that I've expected ssl=True to check certificates, but it handles it as "not verified or fingerprinted" then: https://github.com/aio-libs/aiohttp/blob/9504fe2affaaff673fa4f3754c1c44221f8ba47d/aiohttp/connector.py#L897-L899

It might be that the intention here is to use fingerprinting only, but it certainly confused me, and should maybe throw an error when using ssl=True with fingerprint=None then?

asvetlov commented 5 years ago

Definitely, I need to check this. Sorry, I'm pretty busy now