rspec/rules/S4830/python/how-to-fix-it/std.adoc

== How to fix it in Python Standard Library

=== Code examples

include::../../common/fix/code-rationale.adoc[]

Certificate validation is not enabled by default when ``++_create_unverified_context++``
is used. It is recommended to use ``++_create_default_https_context++`` instead to
create a secure context that validates certificates.

==== Noncompliant code example

[source,python,diff-id=21,diff-type=noncompliant]
----
import ssl

ctx1 = ssl._create_unverified_context() # Noncompliant
ctx2 = ssl._create_stdlib_context() # Noncompliant

ctx3 = ssl.create_default_context()
ctx3.verify_mode = ssl.CERT_NONE # Noncompliant
----

==== Compliant solution

[source,python,diff-id=21,diff-type=compliant]
----
import ssl

ctx = ssl.create_default_context()
ctx.verify_mode = ssl.CERT_REQUIRED

# By default, certificate validation is enabled
ctx = ssl._create_default_https_context()
----

=== How does this work?

include::../../common/fix/validation.adoc[]