Subject
proxy_is_verified is never set for HTTPs to HTTP proxies. proxy_is_verified is set only at https://github.com/urllib3/urllib3/blob/main/src/urllib3/connection.py#L694 and the function _connect_tls_proxy containing this line is called only when we are creating a HTTP tunnel https://github.com/urllib3/urllib3/blob/main/src/urllib3/connection.py#L672. We would have to set the value for proxy_is_verified for scenarios when we are not using a TLS-in-TLS tunnel and instead setting up a TLS connection for HTTPs to HTTP case.
More context - #3070 (review)
Environment
Describe your environment.
At least, paste here the output of:
import platform
import ssl
import urllib3
print("OS", platform.platform()) # OS macOS-13.4.1-arm64-arm-64bit
print("Python", platform.python_version()) # Python 3.10.12
print(ssl.OPENSSL_VERSION) # OpenSSL 3.1.1 30 May 2023
print("urllib3", urllib3.__version__) # urllib3 1.26.14Steps to Reproduce
You can add a print statement to print proxy_is_verified for HTTPS to HTTP connection. The value of proxy_is_verified is set to None and never updated to False for the following example.
proxy = urllib3.ProxyManager('https://127.0.0.1:8443', cert_reqs='NONE')
res = proxy.request('GET', 'https://bff.familyid.samagra.io')Expected Behavior
proxy_is_verified set to False or True appropriately.
Actual Behavior
According to this comment in code if we are connected to proxy, it should not be Nonfe
|
# If no proxy is currently connected to the value will be ``None``. |
But proxy_is_verified is set to None instead of False
What happens instead.
For HTTPS proxy connection to HTTP host, proxy_is_verified is never set properly. proxy_is_verified is set appropriately for HTTPS to HTTPS connections.
Subject
proxy_is_verifiedis never set for HTTPs to HTTP proxies.proxy_is_verifiedis set only at https://github.com/urllib3/urllib3/blob/main/src/urllib3/connection.py#L694 and the function_connect_tls_proxycontaining this line is called only when we are creating a HTTP tunnel https://github.com/urllib3/urllib3/blob/main/src/urllib3/connection.py#L672. We would have to set the value forproxy_is_verifiedfor scenarios when we are not using a TLS-in-TLS tunnel and instead setting up a TLS connection for HTTPs to HTTP case.More context - #3070 (review)
Environment
Describe your environment.
At least, paste here the output of:
Steps to Reproduce
You can add a
printstatement to printproxy_is_verifiedforHTTPStoHTTPconnection. The value ofproxy_is_verifiedis set toNoneand never updated toFalsefor the following example.Expected Behavior
proxy_is_verifiedset toFalseorTrueappropriately.Actual Behavior
According to this comment in code if we are connected to proxy, it should not be
Nonfeurllib3/src/urllib3/connection.py
Line 120 in d9f85a7
But
proxy_is_verifiedis set toNoneinstead ofFalseWhat happens instead.
For
HTTPSproxy connection toHTTPhost,proxy_is_verifiedis never set properly.proxy_is_verifiedis set appropriately forHTTPStoHTTPSconnections.