linkcheck does not validate TLS

Alex Gaynor avatarAlex Gaynor created an issue

Specifically: it does not check when it loads a page that the certificate the server presented is a) signed by any recognized signing authority, and b) has a hostname matching the actual hostname. The result is a) linkcheck is open to MITM, b) it doesn't really emulate what a browser does, a real user clicking the link in a modern browser will get an error page.

Comments (2)

  1. Georg Brandl

    I have no objections to use requests (which I assume does TRT on 2.x) when available.

    But in general a) is not a concern at all for this application, and b) is a minor annoyance (and usually nothing the documentation author could fix).

  2. Log in to comment
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.