| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add hardcoded paths to macOS frameworks for Big Sur compatibility.
ctypes.util.find_library is checking for the presence of the framework
files, which will fail due to macOS Big Sur's "dynamic linker cache".
Since these files really can't be anywhere else, we just hardcode the
path and load them.
See: https://developer.apple.com/documentation/macos-release-notes/macos-big-sur-11-beta-release-notes
(relevent excerpt provided below)
This update takes the approach of leaving the existing behavior as is
for macOS 10.8 (lowest supported version) through 10.15.
Allegedly Apple is going to number Big Sur as macOS 11, although right
now the beta returns a version of "10.16", so this code handles both as
being greater than or equal to "10.16".
| New in macOS Big Sur 11 beta, the system ships with a built-in dynamic
linker cache of all system-provided libraries. As part of this change,
copies of dynamic libraries are no longer present on the filesystem.
Code that attempts to check for dynamic library presence by looking for
a file at a path or enumerating a directory will fail. Instead, check
for library presence by attempting to dlopen() the path, which will
correctly check for the library in the cache. (62986286)
* Raise an OSError if not on macOS and trying to import securetransport
* Just use hardcoded paths for Security and CoreFoundation libs.
This should never be anything but these paths. Instead of checking for
`os.path.isfile` with `ctypes.util.find_library`, we just try to load
with `ctypes.CDLL` and catch the `OSError` if it fails, add context, and
reraise.
* Updated to preserve pre-10.16 behavior.
* Bail early on non-macOS.
* Restore find_library import, OSError -> ImportError
* ImportError
* OSError
* Delete test_securetransport_big_sur.py
Co-authored-by: Seth Michael Larson <sethmichaellarson@gmail.com>
|
| | |
|
| | |
|
| |
|
| |
Co-authored-by: hodbn <hodbn@users.noreply.github.com>
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Ensure load_verify_locations raises SSLError for all backends
This also adds TestSSL to the classes tested in SecureTransport and
PyOpenSSL, since:
1. TestSSL was the most natural place for this test.
2. The test only makes sense when run against all SSL backends.
Co-authored-by: Pierre-Louis Bonicoli <pierre-louis.bonicoli@libregerbil.fr>
* Remove redundant check in test
pytest.raises() already checks this.
* Update test_socketlevel.py
Co-authored-by: Pierre-Louis Bonicoli <pierre-louis.bonicoli@libregerbil.fr>
Co-authored-by: Seth Michael Larson <sethmichaellarson@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add support to talk HTTPS to proxies.
Currently there's no way to validate identify for the proxy you might be
connecting. Proxies supporting HTTPS endpoints are becoming more common
and we need to extend the support for them.
When an HTTPS proxy is provided, instead of doing the HTTP CONNECT,
we'll forward any requests directly to the proxy and ultimately to the
destination.
* Fix proxy_headers missing on HTTPS proxy connections.
* blackfmt missing files.
* Prevent usage of HTTPS proxies when fetching HTTPS resources.
- Will be supported by default when we can do TLS within TLS.
* Update proxy documentation with more information.
* Renamed flag for HTTPS websites through HTTPS proxies.
* Added myself to contributors.
* Documentation and contributors fixes.
* Removed mention that TLS in TLS is being developed as requested.
* Space in between my name and the github page.
* Add flag to enable HTTPS proxy support.
Now that we're adding support for HTTPS proxies we want to avoid
a breaking change with clients that had an improper proxy configuration.
For now, we're adding a warning an defaulting to the previous behavior.
In the future we'll change the behavior to enable HTTPS proxies by
default.
* Remove guard flag, error out on HTTPS/HTTPS.
As requested in the last revision for the PR:
- Removed the _enable_https_proxies flag. Instead the feature will be
enabled and will error out on invalid configurations. (HTTPS + HTTPS)
- Other comments: rename a method, parentheses to clarify order of
operations.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Co-authored-by: Seth Michael Larson <sethmichaellarson@gmail.com>
|
| |
|
|
| |
Previously, iterating the lines of an empty response would yield the empty string once. However, the iterator should instead never yield anything. This is consistent with file io; `open('/dev/null', 'rb').readlines()` is `[]`.
|
| | |
|
| |
|
|
|
|
| |
Whether testbed tests "are appengine" is debatable, but historically
this function has returned False in testbed tests. This behavior was
inadvertently (and unnecessarily) changed in PR #1704. This commit
undoes that regression for testbed tests.
|
| | |
|
| |
|
|
| |
Unverified connections also go through VerifiedHTTPSConnection.
|
| |
|
|
|
| |
Indeed, the only _encode_target only calls it if the url starts with a
slash.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* Don't encode fragment into target
* Add entry in CHANGES.rst
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
It's not actually supported by the OS. In other words, instead of trying
TLS 1.3 and being forced to fallback on TLS 1.2, we just use TLS 1.2 by
default.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Fixes: https://github.com/urllib3/urllib3/issues/1634
Signed-off-by: Christian Heimes <christian@python.org>
* Add tests for TLS 1.3 PHA
Fixes: https://github.com/urllib3/urllib3/issues/1634
Signed-off-by: Christian Heimes <christian@python.org>
|
