New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proxies should use proxy_ssl_context when connecting via ProxyConfig.use_forwarding_with_https = True #2577
Comments
Use proxy_ssl_context when fowarding to both a HTTPS destination (which occurs when use_forwarding_for_https=True) and to a HTTP destination. Raise an exception if both a proxy_ssl_context and a ssl_context are provided when use_forwarding_for_https=True. Add tests to verify these cases and modify test_proxy_https_target_tls_error in test_proxy_poolmanager to account for this new behavior. Fixes urllib3#2577
Use proxy_ssl_context when fowarding to both a HTTPS destination (which occurs when use_forwarding_for_https=True) and to a HTTP destination. Raise a warning if both a proxy_ssl_context and a ssl_context are provided when use_forwarding_for_https=True. Add tests to verify these cases and modify test_proxy_https_target_tls_error in test_proxy_poolmanager to account for this new behavior. Addresses urllib3#2577
Raise an exception if both a proxy_ssl_context and a ssl_context are provided when use_forwarding_for_https=True, instead of only raising a warning. Modify tests to account for change. Resolves urllib3#2577
Raise an exception if both a proxy_ssl_context and a ssl_context are provided when use_forwarding_for_https=True, instead of only raising a warning. Modify tests to account for change. Resolves urllib3#2577
Hi @sethmlarson have this issue been fixed ?
|
You will need a pull request with tests before we can review your code. |
OK @pquentin noted I'll work on that also |
OK yeah, I see that |
Hey @abebeos , I only ever got as far as adding the ValueError exception and a unit test for it. I'm not going to be finishing this change so feel free to reuse anything that's useful off my draft PR. |
This was discovered in #2558 and discussed with @jalopezsilva on Discord. The gist is it appears that we're using
HTTPSConnection.ssl_context
to connect to HTTPS proxies when usinguse_forwarding_with_https = True
mode. This is likely caused by us treating the proxy like it's the origin when we have proxies in "forwarding" mode and previously we didn't have a forwarding mode for HTTPS.Minimum requirements
💵 You can get paid to complete this issue! Please read the docs for more information.
ProxyConfig.use_forwarding_with_https = True
andssl_context
is specified:proxy_ssl_context
is specified then error out withValueError
proxy_ssl_context
isn't specified:DeprecationWarning
instructing to switch toproxy_ssl_context
and set the value ofssl_context
toproxy_ssl_context
ValueError
thatproxy_ssl_context
should be used, notssl_context
.proxy_ssl_context
should be used for creating the connection to proxies in all modes (HTTP->HTTPS, HTTPS->HTTP, HTTPS->HTTPS, in forwarding/tunnel modes).test_proxy_https_target_tls_error
added in 9f4d05cThe text was updated successfully, but these errors were encountered: