Skip to content

Commit

Permalink
🔖 Release 3.6.7 (#130)
Browse files Browse the repository at this point in the history 
**Fixed**
- CaseInsensitiveDict repr (to string) causing an unexpected error when
upstream have multiple values for a single header. (#129)

**Misc**
- Minor docs typos (#128)
- Reformated error messages in our OCSP module for better readability.
- Added real test cases for our OCSP module to ensure its reliability.
  • Loading branch information
@Ousret
Ousret authored Jun 19, 2024
1 parent 7df6aec commit d2e8efa
Show file tree
Hide file tree
Showing 13 changed files with 192 additions and 102 deletions.
2 changes: 1 addition & 1 deletion .pre-commit-config.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ repos:
# Run the formatter.
- id: ruff-format
- repo: https://github.com/pre-commit/mirrors-mypy
rev: v1.9.0
rev: v1.10.0
hooks:
- id: mypy
args: [--check-untyped-defs]
Expand Down
11 changes: 11 additions & 0 deletions HISTORY.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,17 @@
Release History
===============

3.6.7 (2024-06-19)
------------------

**Fixed**
- CaseInsensitiveDict repr (to string) causing an unexpected error when upstream have multiple values for a single header. (#129)

**Misc**
- Minor docs typos (#128)
- Reformated error messages in our OCSP module for better readability.
- Added real test cases for our OCSP module to ensure its reliability.

3.6.6 (2024-05-27)
------------------

Expand Down
2 changes: 1 addition & 1 deletion docs/api.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
Developer Interface
===================

.. module:: requests
.. module:: niquests

This part of the documentation covers all the interfaces of Niquests. For
parts where Niquests depends on external libraries, we document the most
Expand Down
8 changes: 4 additions & 4 deletions docs/user/advanced.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -625,7 +625,7 @@ set ``stream`` to ``True`` and iterate over the response with
:meth:`~niquests.Response.iter_lines()`::

import json
import requests
import niquests

r = niquests.get('https://httpbin.org/stream/20', stream=True)

Expand Down Expand Up @@ -673,7 +673,7 @@ Proxies
If you need to use a proxy, you can configure individual requests with the
``proxies`` argument to any request method::

import requests
import niquests

proxies = {
'http': 'http://10.10.1.10:3128',
Expand All @@ -685,7 +685,7 @@ If you need to use a proxy, you can configure individual requests with the
Alternatively you can configure it once for an entire
:class:`Session <niquests.Session>`::

import requests
import niquests

proxies = {
'http': 'http://10.10.1.10:3128',
Expand Down Expand Up @@ -724,7 +724,7 @@ to your needs)::
$ export ALL_PROXY="socks5://10.10.1.10:3434"

$ python
>>> import requests
>>> import niquests
>>> niquests.get('http://example.org')

To use HTTP Basic Auth with your proxy, use the `http://user:password@host/`
Expand Down
2 changes: 1 addition & 1 deletion docs/user/quickstart.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,7 @@ JSON Response Content

There's also a builtin JSON decoder, in case you're dealing with JSON data::

>>> import requests
>>> import niquests

>>> r = niquests.get('https://api.github.com/events')
>>> r.json()
Expand Down
4 changes: 2 additions & 2 deletions src/niquests/__version__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,9 @@
__url__: str = "https://niquests.readthedocs.io"

__version__: str
__version__ = "3.6.6"
__version__ = "3.6.7"

__build__: int = 0x030606
__build__: int = 0x030607
__author__: str = "Kenneth Reitz"
__author_email__: str = "me@kennethreitz.org"
__license__: str = "Apache-2.0"
Expand Down
83 changes: 49 additions & 34 deletions src/niquests/extensions/_async_ocsp.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@
from contextlib import asynccontextmanager
from hashlib import sha256
from random import randint
from statistics import mean

from qh3._hazmat import (
OCSPRequest,
Expand Down Expand Up @@ -228,7 +227,7 @@ def rate(self):
delays.append((dt - previous_dt).total_seconds())
previous_dt = dt

return mean(delays) if delays else 0.0
return sum(delays) / len(delays) if delays else 0.0

def check(self, peer_certificate: Certificate) -> OCSPResponse | None:
fingerprint: str = _str_fingerprint_of(peer_certificate)
Expand Down Expand Up @@ -352,18 +351,21 @@ async def verify(
if cached_response.certificate_status == OCSPCertStatus.REVOKED:
r.ocsp_verified = False
raise SSLError(
f"""Unable to establish a secure connection to {r.url} because the certificate has been revoked
by issuer ({readable_revocation_reason(cached_response.revocation_reason) or "unspecified"}).
You should avoid trying to request anything from it as the remote has been compromised.
See https://en.wikipedia.org/wiki/OCSP_stapling for more information."""
(
f"Unable to establish a secure connection to {r.url} because the certificate has been revoked "
f"by issuer ({readable_revocation_reason(cached_response.revocation_reason) or 'unspecified'}). "
'You should avoid trying to request anything from it as the remote has been compromised. ',
"See https://niquests.readthedocs.io/en/latest/user/advanced.html#ocsp-or-certificate-revocation "
"for more information.",
)
)
elif cached_response.certificate_status == OCSPCertStatus.UNKNOWN:
r.ocsp_verified = False
if strict is True:
raise SSLError(
f"""Unable to establish a secure connection to {r.url} because the issuer does not know whether
certificate is valid or not. This error occurred because you enabled strict mode for
the OCSP / Revocation check."""
f"Unable to establish a secure connection to {r.url} because the issuer does not know "
"whether certificate is valid or not. This error occurred because you enabled strict mode "
"for the OCSP / Revocation check."
)
else:
r.ocsp_verified = True
Expand Down Expand Up @@ -468,9 +470,11 @@ async def verify(
if issuer_certificate is None:
if strict:
warnings.warn(
f"""Unable to insure that the remote peer ({r.url}) has a currently valid certificate via OCSP.
You are seeing this warning due to enabling strict mode for OCSP / Revocation check.
Reason: Remote did not provide any intermediaries certificate.""",
(
f"Unable to insure that the remote peer ({r.url}) has a currently valid certificate "
"via OCSP. You are seeing this warning due to enabling strict mode for OCSP / "
"Revocation check. Reason: Remote did not provide any intermediary certificate."
),
SecurityWarning,
)
return
Expand All @@ -486,9 +490,11 @@ async def verify(
except ValueError:
if strict:
warnings.warn(
f"""Unable to insure that the remote peer ({r.url}) has a currently valid certificate via OCSP.
You are seeing this warning due to enabling strict mode for OCSP / Revocation check.
Reason: The X509 OCSP generator failed to assemble the request""",
(
f"Unable to insure that the remote peer ({r.url}) has a currently valid certificate via OCSP. "
"You are seeing this warning due to enabling strict mode for OCSP / Revocation check. "
"Reason: The X509 OCSP generator failed to assemble the request."
),
SecurityWarning,
)
return
Expand All @@ -503,9 +509,11 @@ async def verify(
except RequestException as e:
if strict:
warnings.warn(
f"""Unable to insure that the remote peer ({r.url}) has a currently valid certificate via OCSP.
You are seeing this warning due to enabling strict mode for OCSP / Revocation check.
Reason: {e}""",
(
f"Unable to insure that the remote peer ({r.url}) has a currently valid certificate via OCSP. "
"You are seeing this warning due to enabling strict mode for OCSP / Revocation check. "
f"Reason: {e}"
),
SecurityWarning,
)
return
Expand All @@ -522,9 +530,11 @@ async def verify(
except ValueError:
if strict:
warnings.warn(
f"""Unable to insure that the remote peer ({r.url}) has a currently valid certificate via OCSP.
You are seeing this warning due to enabling strict mode for OCSP / Revocation check.
Reason: The X509 OCSP parser failed to read the response""",
(
f"Unable to insure that the remote peer ({r.url}) has a currently valid certificate via OCSP. "
"You are seeing this warning due to enabling strict mode for OCSP / Revocation check. "
"Reason: The X509 OCSP parser failed to read the response"
),
SecurityWarning,
)
return
Expand All @@ -537,35 +547,40 @@ async def verify(
if ocsp_resp.certificate_status == OCSPCertStatus.REVOKED:
r.ocsp_verified = False
raise SSLError(
f"""Unable to establish a secure connection to {r.url} because the certificate has been revoked
by issuer ({readable_revocation_reason(ocsp_resp.revocation_reason) or "unspecified"}).
You should avoid trying to request anything from it as the remote has been compromised.
See https://en.wikipedia.org/wiki/OCSP_stapling for more information."""
f"Unable to establish a secure connection to {r.url} because the certificate has been revoked "
f"by issuer ({readable_revocation_reason(ocsp_resp.revocation_reason) or 'unspecified'}). "
"You should avoid trying to request anything from it as the remote has been compromised. "
"See https://niquests.readthedocs.io/en/latest/user/advanced.html#ocsp-or-certificate-revocation "
"for more information."
)
if ocsp_resp.certificate_status == OCSPCertStatus.UNKNOWN:
r.ocsp_verified = False
if strict is True:
raise SSLError(
f"""Unable to establish a secure connection to {r.url} because the issuer does not know whether
certificate is valid or not. This error occurred because you enabled strict mode for
the OCSP / Revocation check."""
f"Unable to establish a secure connection to {r.url} because the issuer does not know whether "
"certificate is valid or not. This error occurred because you enabled strict mode for "
"the OCSP / Revocation check."
)
else:
r.ocsp_verified = True
else:
if strict:
warnings.warn(
f"""Unable to insure that the remote peer ({r.url}) has a currently valid certificate via OCSP.
You are seeing this warning due to enabling strict mode for OCSP / Revocation check.
OCSP Server Status: {ocsp_resp.response_status}""",
(
f"Unable to insure that the remote peer ({r.url}) has a currently valid certificate via OCSP. "
"You are seeing this warning due to enabling strict mode for OCSP / Revocation check. "
f"OCSP Server Status: {ocsp_resp.response_status}"
),
SecurityWarning,
)
else:
if strict:
warnings.warn(
f"""Unable to insure that the remote peer ({r.url}) has a currently valid certificate via OCSP.
You are seeing this warning due to enabling strict mode for OCSP / Revocation check.
OCSP Server Status: {str(ocsp_http_response)}""",
(
f"Unable to insure that the remote peer ({r.url}) has a currently valid certificate via OCSP. "
"You are seeing this warning due to enabling strict mode for OCSP / Revocation check. "
f"OCSP Server Status: {str(ocsp_http_response)}"
),
SecurityWarning,
)

Expand Down
Loading

0 comments on commit d2e8efa

Please sign in to comment.