| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In the case the server legitimately closes a connection but we are still
sending data (e.g. sending a POST request), the old code prevents the
response to be retrieved.
With this change, we avoid a broken pipe in the request write process
to be able to capture the HTTP response.
Co-authored-by: Rober Morales-Chaparro <rober.morales@gmail.com>
Co-authored-by: Seth Michael Larson <sethmichaellarson@gmail.com>
Co-authored-by: hodbn <hodbn@users.noreply.github.com>
Co-authored-by: Quentin Pradet <quentin.pradet@gmail.com>
|
| | |
|
| | |
|
| | |
|
| |
|
| |
httplib expects the response body to be available to the HTTP header parser but that's not the case for `parse_headers()` so the following defects are always added to multipart/* responses. We simply ignore these defects at this stage as they are a known issue.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
TLS within TLS is not supported easily within the ssl library. The
SSLSocket actually takes over the existing socket
(https://github.com/python/cpython/blob/master/Lib/ssl.py#L999-L1006)
instead of wrapping it entirely. The only way to support to TLS within
TLS is with the wrap_bio methods.
This commit introduces SSLTransport which wraps a socket in TLS using
the provided SSL context. Rather than taking over the socket it uses the
wrap_bio methods to perform TLS on top of that socket.
Signed-off-by: Jorge Lopez Silva <jalopezsilva@gmail.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add hardcoded paths to macOS frameworks for Big Sur compatibility.
ctypes.util.find_library is checking for the presence of the framework
files, which will fail due to macOS Big Sur's "dynamic linker cache".
Since these files really can't be anywhere else, we just hardcode the
path and load them.
See: https://developer.apple.com/documentation/macos-release-notes/macos-big-sur-11-beta-release-notes
(relevent excerpt provided below)
This update takes the approach of leaving the existing behavior as is
for macOS 10.8 (lowest supported version) through 10.15.
Allegedly Apple is going to number Big Sur as macOS 11, although right
now the beta returns a version of "10.16", so this code handles both as
being greater than or equal to "10.16".
| New in macOS Big Sur 11 beta, the system ships with a built-in dynamic
linker cache of all system-provided libraries. As part of this change,
copies of dynamic libraries are no longer present on the filesystem.
Code that attempts to check for dynamic library presence by looking for
a file at a path or enumerating a directory will fail. Instead, check
for library presence by attempting to dlopen() the path, which will
correctly check for the library in the cache. (62986286)
* Raise an OSError if not on macOS and trying to import securetransport
* Just use hardcoded paths for Security and CoreFoundation libs.
This should never be anything but these paths. Instead of checking for
`os.path.isfile` with `ctypes.util.find_library`, we just try to load
with `ctypes.CDLL` and catch the `OSError` if it fails, add context, and
reraise.
* Updated to preserve pre-10.16 behavior.
* Bail early on non-macOS.
* Restore find_library import, OSError -> ImportError
* ImportError
* OSError
* Delete test_securetransport_big_sur.py
Co-authored-by: Seth Michael Larson <sethmichaellarson@gmail.com>
|
| | |
|
| | |
|
| |
|
| |
Co-authored-by: hodbn <hodbn@users.noreply.github.com>
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Ensure load_verify_locations raises SSLError for all backends
This also adds TestSSL to the classes tested in SecureTransport and
PyOpenSSL, since:
1. TestSSL was the most natural place for this test.
2. The test only makes sense when run against all SSL backends.
Co-authored-by: Pierre-Louis Bonicoli <pierre-louis.bonicoli@libregerbil.fr>
* Remove redundant check in test
pytest.raises() already checks this.
* Update test_socketlevel.py
Co-authored-by: Pierre-Louis Bonicoli <pierre-louis.bonicoli@libregerbil.fr>
Co-authored-by: Seth Michael Larson <sethmichaellarson@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add support to talk HTTPS to proxies.
Currently there's no way to validate identify for the proxy you might be
connecting. Proxies supporting HTTPS endpoints are becoming more common
and we need to extend the support for them.
When an HTTPS proxy is provided, instead of doing the HTTP CONNECT,
we'll forward any requests directly to the proxy and ultimately to the
destination.
* Fix proxy_headers missing on HTTPS proxy connections.
* blackfmt missing files.
* Prevent usage of HTTPS proxies when fetching HTTPS resources.
- Will be supported by default when we can do TLS within TLS.
* Update proxy documentation with more information.
* Renamed flag for HTTPS websites through HTTPS proxies.
* Added myself to contributors.
* Documentation and contributors fixes.
* Removed mention that TLS in TLS is being developed as requested.
* Space in between my name and the github page.
* Add flag to enable HTTPS proxy support.
Now that we're adding support for HTTPS proxies we want to avoid
a breaking change with clients that had an improper proxy configuration.
For now, we're adding a warning an defaulting to the previous behavior.
In the future we'll change the behavior to enable HTTPS proxies by
default.
* Remove guard flag, error out on HTTPS/HTTPS.
As requested in the last revision for the PR:
- Removed the _enable_https_proxies flag. Instead the feature will be
enabled and will error out on invalid configurations. (HTTPS + HTTPS)
- Other comments: rename a method, parentheses to clarify order of
operations.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Co-authored-by: Seth Michael Larson <sethmichaellarson@gmail.com>
|
| |
|
|
| |
Previously, iterating the lines of an empty response would yield the empty string once. However, the iterator should instead never yield anything. This is consistent with file io; `open('/dev/null', 'rb').readlines()` is `[]`.
|
| | |
|
| |
|
|
|
|
| |
Whether testbed tests "are appengine" is debatable, but historically
this function has returned False in testbed tests. This behavior was
inadvertently (and unnecessarily) changed in PR #1704. This commit
undoes that regression for testbed tests.
|
| | |
|
