Ensure eventlet SSL HTTPs contexts allow HTTP verify disabled #485

@Tehsmash Tehsmash commented Apr 30, 2018

Monkey patched SSL context does not observe environment PYTHONHTTPSVERIFY=0 or PEP 493 settings

Eventlet monkey patches the default SSL context and, as a result, circumvents the logic added to Python's ssl.py to change the default SSL verification behaviour here: https://github.com/python/cpython/blob/2.7/Lib/ssl.py#L508-L518

Python SSL supports a couple of different ways to disable HTTPS
verification, either via an environment variable or via methods defined
in PEP 493. To ensure these work we must call the original
_create_default_https_context function to ensure we are calling the
right default https context (verified or unverified) function as
set by the https context factory.

Fixes #484
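
Added example, not part of the original pull request or eventlet's code: a model of the selection described above, showing why a replacement that builds its own context ignores PYTHONHTTPSVERIFY while one that delegates to the original factory honours it. The names `select_https_factory`, `patch_ignoring_original`, `patch_delegating`, `describe` and `audit` are hypothetical, and the environment is passed in as a constructed mapping so the result does not depend on the interpreter's own handling of the variable.

```python
import ssl

ENV_VAR = "PYTHONHTTPSVERIFY"  # variable named in the PR description


def select_https_factory(environ, ignore_environment=False):
    """Model of the stdlib selection: '0' picks the unverified factory."""
    if not ignore_environment and environ.get(ENV_VAR) == "0":
        return ssl._create_unverified_context
    return ssl.create_default_context


def patch_ignoring_original(original):
    """Hypothetical replacement that never consults `original` (the reported bug)."""
    def green_factory(*args, **kwargs):
        return ssl.create_default_context(*args, **kwargs)
    return green_factory


def patch_delegating(original):
    """Hypothetical replacement that asks the original factory (the fix's idea)."""
    def green_factory(*args, **kwargs):
        ctx = original(*args, **kwargs)
        # A green wrapper would adapt ctx here; its verification settings are kept.
        return ctx
    return green_factory


def describe(factory):
    """Report what a caller of the default HTTPS context would actually get."""
    ctx = factory()
    return {
        "verifies_cert": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
    }


def audit(environ):
    original = select_https_factory(environ)
    return {
        "stdlib": describe(original),
        "ignoring": describe(patch_ignoring_original(original)),
        "delegating": describe(patch_delegating(original)),
    }


if __name__ == "__main__":
    for env in ({ENV_VAR: "0"}, {ENV_VAR: "1"}, {}):  # constructed environments
        print(env, audit(env))
```

The same `describe` check can be pointed at `ssl._create_default_https_context` in a running service to confirm whether its default HTTPS context verifies certificates and hostnames.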


codecov-io commented Apr 30, 2018

Codecov Report

Merging #485 into master will increase coverage by <1%.
The diff coverage is 83%.

@@          Coverage Diff           @@
##           master   #485    +/-   ##
======================================
+ Coverage      45%    45%   +<1%     
======================================
  Files          82     82            
  Lines        8024   8029     +5     
  Branches     1372   1372            
======================================
+ Hits         3622   3626     +4     
- Misses       4159   4160     +1     
  Partials      243    243
Flag Coverage Δ
#ipv6 14% <50%> (ø) ⬆️
#py27epolls 48% <83%> (-1%) ⬇️
#py27poll 47% <83%> (-1%) ⬇️
#py27selects 47% <83%> (ø) ⬆️
#py33epolls 40% <50%> (-1%) ⬇️
#py33poll 40% <50%> (ø) ⬆️
#py33selects 40% <50%> (ø) ⬆️
#py34epolls 41% <83%> (ø) ⬆️
#py34poll 41% <83%> (-1%) ⬇️
#py34selects 40% <83%> (ø) ⬆️
#py35epolls 41% <83%> (ø) ⬆️
#py35poll 40% <83%> (-1%) ⬇️
#py35selects 40% <83%> (-1%) ⬇️
#py36epolls 41% <83%> (ø) ⬆️
#py36poll 40% <83%> (-1%) ⬇️
#py36selects 40% <83%> (ø) ⬆️
Impacted Files Coverage Δ
eventlet/green/ssl.py 65% <83%> (ø) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

temoto added a commit that referenced this pull request May 1, 2018

temoto commented May 1, 2018

@Tehsmash did you verify it? I've tried to construct a test case c9eaa1c and it seems to verify the certificate in spite of the environment flag.

Tehsmash commented May 2, 2018

I verified it with a small Python script; here are my results:

$ cat test.py 
import ssl
import eventlet
import urllib2
from eventlet.green import ssl as greenssl

eventlet.monkey_patch(os=False)
print(ssl._create_default_https_context)
print(urllib2.urlopen("https://expired.badssl.com/"))

$ export PYTHONHTTPSVERIFY=1
$ python test.py 
<function green_create_default_https_context at 0x7feefd1da230>
Traceback (most recent call last):
  File "test.py", line 10, in <module>
    print(urllib2.urlopen("https://expired.badssl.com/"))
  File "/usr/lib/python2.7/urllib2.py", line 154, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib/python2.7/urllib2.py", line 429, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 447, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 407, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.7/urllib2.py", line 1241, in https_open
    context=self._context)
  File "/usr/lib/python2.7/urllib2.py", line 1198, in do_open
    raise URLError(err)
urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)>

$ export PYTHONHTTPSVERIFY=0
$ python test.py
<function green_create_default_https_context at 0x7efd0fd16230>
<addinfourl at 139625356258336 whose fp = <socket._fileobject object at 0x7efd11791250>>

@temoto temoto added this to the 0.24 milestone May 8, 2018
@temoto temoto modified the milestones: 0.24, 0.25 Aug 3, 2018
temoto added a commit that referenced this pull request Aug 19, 2020
temoto added a commit that referenced this pull request Oct 19, 2020