31 Jul
2015
31 Jul
'15
3:15 a.m.
On Thu, Jul 23, 2015 at 03:57:27PM +0000, Eren Yagdiran wrote: [..snip..]
+def get_url(server, path, headers): + url = "https://" + server + path + debug(" Fetching %s..." % url) + + req = urllib2.Request(url=url)
This does not seem to do any certificate validation (just in case this ends up in a distro's /usr/bin/ I can already see the CVE forthcoming). Cheers, -- Guido