
Commit 1efadf4

sethmlarsonshazow
authored andcommitted
Release 1.24.2 (#1564)
* Don't load system certificates by default when any other ``ca_certs``, ``ca_certs_dir`` or ``ssl_context`` parameters are specified. * Remove Authorization header regardless of case when redirecting to cross-site. (Issue #1510) * Add support for IPv6 addresses in subjectAltName section of certificates. (Issue #1269)
1 parent a6ec68a commit 1efadf4

14 files changed

Lines changed: 140 additions & 11 deletions


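--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -1,12 +1,23 @@
 Changes
 =======
 
+1.24.2 (2019-04-17)
+-------------------
+
+* Don't load system certificates by default when any other ``ca_certs``, ``ca_certs_dir`` or
+``ssl_context`` parameters are specified.
+
+* Remove Authorization header regardless of case when redirecting to cross-site. (Issue #1510)
+
+* Add support for IPv6 addresses in subjectAltName section of certificates. (Issue #1269)
+
+
 1.24.1 (2018-11-02)
 -------------------
 
 * Remove quadratic behavior within ``GzipDecoder.decompress()`` (Issue #1467)
 
-* Restored functionality of `ciphers` parameter for `create_urllib3_context()`. (Issue #1462)
+* Restored functionality of ``ciphers`` parameter for ``create_urllib3_context()``. (Issue #1462)
 
 
 1.24 (2018-10-16)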

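--- a/CONTRIBUTORS.txt
+++ b/CONTRIBUTORS.txt
@@ -272,5 +272,8 @@ In chronological order:
 * Justin Bramley <https://github.com/jbramleycl>
 * Add ability to handle multiple Content-Encodings
 
+* Katsuhiko YOSHIDA <https://github.com/kyoshidajp>
+* Remove Authorization header regardless of case when redirecting to cross-site
+
 * [Your name or handle] <[email or website]>
 * [Brief summary of your changes]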
Lines changed: 16 additions & 0 deletions
@@ -0,0 +1,16 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIICfTCCAeagAwIBAgIJAPcpn3/M5+piMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
3+
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
4+
aWRnaXRzIFB0eSBMdGQwHhcNMTgxMjE5MDUyMjUyWhcNNDgxMjE4MDUyMjUyWjBF
5+
MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
6+
ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
7+
gQDXe3FqmCWvP8XPxqtT+0bfL1Tvzvebi46k0WIcUV8bP3vyYiSRXG9ALmyzZH4G
8+
HY9UVs4OEDkCMDOBSezB0y9ai/9doTNcaictdEBu8nfdXKoTtzrn+VX4UPrkH5hm
9+
7NQ1fTQuj1MR7yBCmYqN3Q2Q+Efuujyx0FwBzAuy1aKYuwIDAQABo3UwczAdBgNV
10+
HQ4EFgQUG+dK5Uos08QUwAWofDb3a8YcYlIwHwYDVR0jBBgwFoAUG+dK5Uos08QU
11+
wAWofDb3a8YcYlIwDwYDVR0TAQH/BAUwAwEB/zAgBgNVHREEGTAXggM6OjGHEAAA
12+
AAAAAAAAAAAAAAAAAAEwDQYJKoZIhvcNAQELBQADgYEAjT767TDq6q4lOextf3tZ
13+
BjeuYDUy7bb1fDBAN5rBT1ywr7r0JE6/KOnsZx4jbevx3MllxNpx0gOM2bgwJlnG
14+
8tgwRB6pxDyln01WBj9b5ymK60jdkw7gg3yYpqEs5/VBQidFO3BmDqf5cGO8PU7p
15+
0VWdfJBP2UbwblNXdImI1zk=
16+
-----END CERTIFICATE-----

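--- a/dummyserver/server.py
+++ b/dummyserver/server.py
@@ -58,11 +58,16 @@
 'certfile': os.path.join(CERTS_PATH, 'server.ipv6addr.crt'),
 'keyfile': os.path.join(CERTS_PATH, 'server.ipv6addr.key'),
 }
+IPV6_SAN_CERTS = {
+'certfile': os.path.join(CERTS_PATH, 'server.ipv6_san.crt'),
+'keyfile': DEFAULT_CERTS['keyfile']
+}
 DEFAULT_CA = os.path.join(CERTS_PATH, 'cacert.pem')
 DEFAULT_CA_BAD = os.path.join(CERTS_PATH, 'client_bad.pem')
 NO_SAN_CA = os.path.join(CERTS_PATH, 'cacert.no_san.pem')
 DEFAULT_CA_DIR = os.path.join(CERTS_PATH, 'ca_path_test')
 IPV6_ADDR_CA = os.path.join(CERTS_PATH, 'server.ipv6addr.crt')
+IPV6_SAN_CA = os.path.join(CERTS_PATH, 'server.ipv6_san.crt')
 COMBINED_CERT_AND_KEY = os.path.join(CERTS_PATH, 'server.combined.pem')
 
 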

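--- a/src/urllib3/__init__.py
+++ b/src/urllib3/__init__.py
@@ -27,7 +27,7 @@
 
 __author__ = 'Andrey Petrov (andrey.petrov@shazow.net)'
 __license__ = 'MIT'
-__version__ = '1.24.1'
+__version__ = '1.24.2'
 
 __all__ = (
 'HTTPConnectionPool',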

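--- a/src/urllib3/contrib/pyopenssl.py
+++ b/src/urllib3/contrib/pyopenssl.py
@@ -184,6 +184,9 @@ def idna_encode(name):
 except idna.core.IDNAError:
 return None
 
+if ':' in name:
+return name
+
 name = idna_encode(name)
 if name is None:
 return None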
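Review bot: The added `if ':' in name: return name` guard carries no comment, and it treats any name containing a colon as an IPv6 literal without checking that it is one, so such a value skips `idna_encode` and its `None`-on-`IDNAError` rejection. A line such as `# Don't send IPv6 addresses through the IDNA encoder.` above the guard would record the intent; if only real addresses are meant to pass, validating the value before returning it would keep malformed names on the rejecting path. The early return also hands the value back exactly as it arrived, while the other path returns whatever `idna_encode` produced, so the two paths may differ in type. The enclosing function starts and ends outside the hunk, so whether callers rely on a single return type cannot be confirmed from here.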

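--- a/src/urllib3/poolmanager.py
+++ b/src/urllib3/poolmanager.py
@@ -7,6 +7,7 @@
 from .connectionpool import HTTPConnectionPool, HTTPSConnectionPool
 from .connectionpool import port_by_scheme
 from .exceptions import LocationValueError, MaxRetryError, ProxySchemeUnknown
+from .packages import six
 from .packages.six.moves.urllib.parse import urljoin
 from .request import RequestMethods
 from .util.url import parse_url
@@ -342,8 +343,10 @@ def urlopen(self, method, url, redirect=True, **kw):
 # conn.is_same_host() which may use socket.gethostbyname() in the future.
 if (retries.remove_headers_on_redirect
 and not conn.is_same_host(redirect_location)):
-for header in retries.remove_headers_on_redirect:
-kw['headers'].pop(header, None)
+headers = list(six.iterkeys(kw['headers']))
+for header in headers:
+if header.lower() in retries.remove_headers_on_redirect:
+kw['headers'].pop(header, None)
 
 try:
 retries = retries.increment(method, url, response=response, _pool=conn)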
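Review bot: The new test `header.lower() in retries.remove_headers_on_redirect` only matches when that set holds lowercase names, which among the sections shown here is arranged only in `Retry.__init__` (retry.py). A `Retry` subclass, or code that assigns the attribute after construction with `'Authorization'`, would silently stop stripping the header on cross-host redirects. A comment stating the invariant, e.g. `# remove_headers_on_redirect is stored lowercased by Retry.__init__`, or lowercasing the set at the point of use, would make the dependency explicit. The loop also pops from `kw['headers']` in place, so if that mapping is the caller's own object the header disappears for the caller too; copying it before the loop would avoid that, though where `kw['headers']` comes from is outside the hunk. `urlopen` itself begins and ends outside the hunk.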

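--- a/src/urllib3/util/retry.py
+++ b/src/urllib3/util/retry.py
@@ -179,7 +179,8 @@ def __init__(self, total=10, connect=None, read=None, redirect=None, status=None
 self.raise_on_status = raise_on_status
 self.history = history or tuple()
 self.respect_retry_after_header = respect_retry_after_header
-self.remove_headers_on_redirect = remove_headers_on_redirect
+self.remove_headers_on_redirect = frozenset([
+h.lower() for h in remove_headers_on_redirect])
 
 def new(self, **kw):
 params = dict(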
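Review bot: `frozenset([h.lower() for h in remove_headers_on_redirect])` iterates the argument unconditionally, so a falsy value such as `None` now raises `TypeError` in the constructor, even though the guard `if (retries.remove_headers_on_redirect and ...` in poolmanager.py tolerates falsy values. If switching the stripping off with a falsy value is meant to stay possible, `frozenset(h.lower() for h in (remove_headers_on_redirect or ()))` keeps that working. A single string such as `'Authorization'` is still accepted but is split into one-letter entries that never match a header name, so the sensitive header would be forwarded without any error. The parameter's docstring is outside the hunk; it would be the place to state that names are matched case-insensitively and must be given as an iterable of strings.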

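--- a/src/urllib3/util/ssl_.py
+++ b/src/urllib3/util/ssl_.py
@@ -327,7 +327,10 @@ def ssl_wrap_socket(sock, keyfile=None, certfile=None, cert_reqs=None,
 if e.errno == errno.ENOENT:
 raise SSLError(e)
 raise
-elif getattr(context, 'load_default_certs', None) is not None:
+
+# Don't load system certs unless there were no CA certs or
+# SSLContext object specified manually.
+elif ssl_context is None and hasattr(context, 'load_default_certs'):
 # try to load OS default certs; works well on Windows (require Python3.4+)
 context.load_default_certs()
 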
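Review bot: The new comment above the `elif` is a double negative ("unless there were no CA certs or SSLContext object specified manually") and can be read as the opposite of the condition it describes. This branch decides whether the OS trust store is added on top of the roots the caller chose, so the wording should be unambiguous, e.g. `# Load the system trust store only when the caller supplied neither CA certs nor an SSLContext.` The comment and a blank line also sit between the `if` body and the `elif`, which makes the `elif` easy to miss; placing the text inside the branch next to the existing `# try to load OS default certs` comment would keep the chain readable. The `if` this `elif` belongs to starts outside the hunk.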

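--- a/test/contrib/test_pyopenssl.py
+++ b/test/contrib/test_pyopenssl.py
@@ -31,7 +31,10 @@ def teardown_module():
 pass
 
 
-from ..with_dummyserver.test_https import TestHTTPS, TestHTTPS_TLSv1 # noqa: F401
+from ..with_dummyserver.test_https import ( # noqa: F401
+TestHTTPS, TestHTTPS_TLSv1, TestHTTPS_IPv6Addr,
+TestHTTPS_IPSAN, TestHTTPS_NoSAN, TestHTTPS_IPV6SAN
+)
 from ..with_dummyserver.test_socketlevel import ( # noqa: F401
 TestSNI, TestSocketClosing, TestClientCerts
 )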
