python-urllib3/urllib3-ssl-default-context.patch
Thomas Bechtold 3c7026ea2d - update to 1.25 (bsc#1132663, CVE-2019-11236):
  * Require and validate certificates by default when using HTTPS
  * Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant.
  * Added support for ``key_password`` for ``HTTPSConnectionPool`` to use
    encrypted ``key_file`` without creating your own ``SSLContext`` object.
  * Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport ``SSLContext``
    implementations. (Pull #1496)
  * Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft.
  * Fixed issue where OpenSSL would block if an encrypted client private key was
    given and no password was given. Instead an ``SSLError`` is raised.
  * Added support for Brotli content encoding. It is enabled automatically if
    ``brotlipy`` package is installed which can be requested with
    ``urllib3[brotli]`` extra.
  * Drop ciphers using DSS key exchange from default TLS cipher suites.
    Improve default ciphers when using SecureTransport.
  * Implemented a more efficient ``HTTPResponse.__iter__()`` method.
- Drop urllib3-test-ssl-drop-sslv3.patch. No longer needed

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-urllib3?expand=0&rev=59
2019-04-23 04:14:26 +00:00


Index: urllib3-1.25/src/urllib3/util/ssl_.py
===================================================================
--- urllib3-1.25.orig/src/urllib3/util/ssl_.py
+++ urllib3-1.25/src/urllib3/util/ssl_.py
@@ -333,6 +333,8 @@ def ssl_wrap_socket(sock, keyfile=None,
elif ssl_context is None and hasattr(context, 'load_default_certs'):
# try to load OS default certs; works well on Windows (require Python3.4+)
context.load_default_certs()
+ elif cert_reqs != ssl.CERT_NONE and hasattr(context, 'set_default_verify_paths'):
+ context.set_default_verify_paths()
# Attempt to detect if we get the goofy behavior of the
# keyfile being encrypted and OpenSSL asking for the
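
Review bot: The added `elif cert_reqs != ssl.CERT_NONE and hasattr(context, 'set_default_verify_paths')` branch drops the `ssl_context is None` guard that the `load_default_certs` branch directly above it carries, so it can also run when the caller passed in their own `ssl_context`. In that case `context.set_default_verify_paths()` adds the system default CA locations to a context the caller may have deliberately configured with a narrower trust store (for example a single private CA), which widens what the connection will accept. If the intent is only to cover auto-created contexts where `load_default_certs` is unavailable, add `ssl_context is None and` to the condition; if touching caller-supplied contexts is intended, say so in a comment, since the new branch has none while the branch above explains itself. The conditions of the earlier branches in this `elif` chain are outside the visible context, so the interaction with them should be checked as well.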