In the past, the internal _create_unverified_context() method of the
ssl module was used to create a context that doesn't verify
certificates. However, (now?) there is a cleaner way: by setting the
context's "check_hostname" member to False and its "verify_mode"
member to ssl.CERT_NONE. Which is exactly what this commit does.
# SSL mumbo jumbo to make it ignore the certificate's hostname
# when verify_cert = False.
- if self.verify_cert:
- ssl_ctx = ssl.create_default_context()
- else:
- ssl_ctx = ssl._create_unverified_context()
+ ssl_ctx = ssl.create_default_context()
+ if not self.verify_cert:
+ ssl_ctx.check_hostname = False
+ ssl_ctx.verify_mode = ssl.CERT_NONE
https_handler = urllib.request.HTTPSHandler(context=ssl_ctx)