diff options
author | Seth M. Larson <sethmichaellarson@gmail.com> | 2018-11-01 12:24:58 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-11-01 12:24:58 -0500 |
commit | 0cedb3b0f1e5d79c89c6db767c534b064b794cf2 (patch) | |
tree | 646673930f4250dd07ec607ff1cf5edc202d2e06 | |
parent | 0aeba3be0224a930f6ffef254ed12b41303a86d7 (diff) | |
download | urllib3-0cedb3b0f1e5d79c89c6db767c534b064b794cf2.tar.gz |
Restore context.set_ciphers() to create_urllib3_context() (#1463)
-rw-r--r-- | CHANGES.rst | 2 | ||||
-rw-r--r-- | src/urllib3/util/ssl_.py | 2 | ||||
-rw-r--r-- | test/test_ssl.py | 18 |
3 files changed, 22 insertions, 0 deletions
diff --git a/CHANGES.rst b/CHANGES.rst index f6dc184b..186099d3 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -6,6 +6,8 @@ dev (master) * Remove quadratic behavior within ``GzipDecoder.decompress()`` (Issue #1467) +* Restored functionality of `ciphers` parameter for `create_urllib3_context()`. (Issue #1462) + * ... [Short description of non-trivial change.] (Issue #) diff --git a/src/urllib3/util/ssl_.py b/src/urllib3/util/ssl_.py index 24ee26d6..64ea192a 100644 --- a/src/urllib3/util/ssl_.py +++ b/src/urllib3/util/ssl_.py @@ -263,6 +263,8 @@ def create_urllib3_context(ssl_version=None, cert_reqs=None, """ context = SSLContext(ssl_version or ssl.PROTOCOL_SSLv23) + context.set_ciphers(ciphers or DEFAULT_CIPHERS) + # Setting the default here, as we may have no ssl module on import cert_reqs = ssl.CERT_REQUIRED if cert_reqs is None else cert_reqs diff --git a/test/test_ssl.py b/test/test_ssl.py index 76a50259..47359717 100644 --- a/test/test_ssl.py +++ b/test/test_ssl.py @@ -70,3 +70,21 @@ def test_sni_missing_warning_with_ip_addresses(monkeypatch, has_sni, server_host assert SNIMissingWarning in warnings else: assert warn.call_count == 0 + + +@pytest.mark.parametrize( + ["ciphers", "expected_ciphers"], + [(None, ssl_.DEFAULT_CIPHERS), + ("ECDH+AESGCM:ECDH+CHACHA20", "ECDH+AESGCM:ECDH+CHACHA20")] +) +def test_create_urllib3_context_set_ciphers(monkeypatch, ciphers, expected_ciphers): + + context = mock.create_autospec(ssl_.SSLContext) + context.set_ciphers = mock.Mock() + context.options = 0 + monkeypatch.setattr(ssl_, "SSLContext", lambda *_, **__: context) + + assert ssl_.create_urllib3_context(ciphers=ciphers) is context + + assert context.set_ciphers.call_count == 1 + assert context.set_ciphers.call_args == mock.call(expected_ciphers) |