Don't promote the use of ssl.CERT_OPTIONAL

2016-07-06 11:47:46 -07:00 · 2016-07-06 11:47:46 -07:00 · bce5f95d7b
commit bce5f95d7b
parent aef97ae222
2 changed files with 9 additions and 19 deletions
--- a/doc/examples/tls.rst
+++ b/doc/examples/tls.rst
@ -51,17 +51,6 @@ Or, in the URI::
  >>> uri = 'mongodb://example.com/?ssl=true&ssl_cert_reqs=CERT_NONE'
  >>> client = pymongo.MongoClient(uri)

-You can also configure optional certificate verification, if a certificate is
-provided by the server::
-
-  >>> import ssl
-  >>> client = pymongo.MongoClient('example.com',
-  ...                              ssl=True,
-  ...                              ssl_cert_reqs=ssl.CERT_OPTIONAL)
-  >>>
-  >>> uri = 'mongodb://example.com/?ssl=true&ssl_cert_reqs=CERT_OPTIONAL'
-  >>> client = pymongo.MongoClient(uri)
-
 Specifying a CA file
 ....................

--- a/pymongo/mongo_client.py
+++ b/pymongo/mongo_client.py
@ -217,14 +217,15 @@ class MongoClient(common.BaseObject):
          - `ssl_cert_reqs`: Specifies whether a certificate is required from
            the other side of the connection, and whether it will be validated
            if provided. It must be one of the three values ``ssl.CERT_NONE``
-            (certificates ignored), ``ssl.CERT_OPTIONAL``
-            (not required, but validated if provided), or ``ssl.CERT_REQUIRED``
-            (required and validated). If the value of this parameter is not
-            ``ssl.CERT_NONE`` and a value is not provided for ``ssl_ca_certs``
-            PyMongo will attempt to load system provided CA certificates.
-            If the python version in use does not support loading system CA
-            certificates then the ``ssl_ca_certs`` parameter must point
-            to a file of CA certificates. Implies ``ssl=True``. Defaults to
+            (certificates ignored), ``ssl.CERT_REQUIRED`` (certificates
+            required and validated), or ``ssl.CERT_OPTIONAL`` (the same as
+            CERT_REQUIRED, unless the server was configured to use anonymous
+            ciphers). If the value of this parameter is not ``ssl.CERT_NONE``
+            and a value is not provided for ``ssl_ca_certs`` PyMongo will
+            attempt to load system provided CA certificates. If the python
+            version in use does not support loading system CA certificates
+            then the ``ssl_ca_certs`` parameter must point to a file of CA
+            certificates. Implies ``ssl=True``. Defaults to
            ``ssl.CERT_REQUIRED`` if not provided and ``ssl=True``.
          - `ssl_ca_certs`: The ca_certs file contains a set of concatenated
            "certification authority" certificates, which are used to validate