python/python-urllib3
SHA256
14
0
Fork 0
forked from pool/python-urllib3
Code Pull Requests Activity

- update to 1.25 (bsc#1132663, CVE-2019-11236):

Browse Source 
* Require and validate certificates by default when using HTTPS
  * Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant.
  * Added support for ``key_password`` for ``HTTPSConnectionPool`` to use
    encrypted ``key_file`` without creating your own ``SSLContext`` object.
  * Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport ``SSLContext``
    implementations. (Pull #1496)
  * Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft.
  * Fixed issue where OpenSSL would block if an encrypted client private key was
    given and no password was given. Instead an ``SSLError`` is raised.
  * Added support for Brotli content encoding. It is enabled automatically if
  ``brotlipy`` package is installed which can be requested with
  ``urllib3[brotli]`` extra.
  * Drop ciphers using DSS key exchange from default TLS cipher suites.
    Improve default ciphers when using SecureTransport.
  * Implemented a more efficient ``HTTPResponse.__iter__()`` method.
- Drop urllib3-test-ssl-drop-sslv3.patch . No longer needed

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-urllib3?expand=0&rev=59
This commit is contained in:
Thomas Bechtold
2019-04-23 04:14:26 +00:00
committed by Git OBS Bridge
parent 51f22ebfdd
commit 3c7026ea2d
6 changed files with 31 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
urllib3-ssl-default-context.patch
View File

@@ -1,5 +1,7 @@
--- a/src/urllib3/util/ssl_.py
+++ b/src/urllib3/util/ssl_.py
Index: urllib3-1.25/src/urllib3/util/ssl_.py
===================================================================
--- urllib3-1.25.orig/src/urllib3/util/ssl_.py
+++ urllib3-1.25/src/urllib3/util/ssl_.py
@@ -333,6 +333,8 @@ def ssl_wrap_socket(sock, keyfile=None,
elif ssl_context is None and hasattr(context, 'load_default_certs'):
# try to load OS default certs; works well on Windows (require Python3.4+)
@@ -7,5 +9,5 @@
+ elif cert_reqs != ssl.CERT_NONE and hasattr(context, 'set_default_verify_paths'):
+ context.set_default_verify_paths()
if certfile:
context.load_cert_chain(certfile, keyfile)
# Attempt to detect if we get the goofy behavior of the
# keyfile being encrypted and OpenSSL asking for the