script.module.slyguy > v0.30.3

matthuisman · May 17, 2021 · a11176b · a11176b
1 parent 5db14d8
commit a11176b
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 8 deletions.
diff --git a/script.module.slyguy/addon.xml b/script.module.slyguy/addon.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<addon id="script.module.slyguy" name="SlyGuy Common" provider-name="SlyGuy" version="0.30.2">
+<addon id="script.module.slyguy" name="SlyGuy Common" provider-name="SlyGuy" version="0.30.3">
   <requires>
     <import addon="repository.slyguy"/>
   </requires>

diff --git a/script.module.slyguy/resources/modules/urllib3/_version.py b/script.module.slyguy/resources/modules/urllib3/_version.py
@@ -1,2 +1,2 @@
 # This file is protected via CODEOWNERS
-__version__ = "1.26.3"
+__version__ = "1.26.4"
diff --git a/script.module.slyguy/resources/modules/urllib3/connection.py b/script.module.slyguy/resources/modules/urllib3/connection.py
@@ -490,6 +490,10 @@ def _connect_tls_proxy(self, hostname, conn):
             self.ca_cert_dir,
             self.ca_cert_data,
         )
+        # By default urllib3's SSLContext disables `check_hostname` and uses
+        # a custom check. For proxies we're good with relying on the default
+        # verification.
+        ssl_context.check_hostname = True
 
         # If no cert was provided, use only the default options for server
         # certificate validation

diff --git a/script.module.slyguy/resources/modules/urllib3/util/retry.py b/script.module.slyguy/resources/modules/urllib3/util/retry.py
@@ -253,6 +253,7 @@ def __init__(
                 "Using 'method_whitelist' with Retry is deprecated and "
                 "will be removed in v2.0. Use 'allowed_methods' instead",
                 DeprecationWarning,
+                stacklevel=2,
             )
             allowed_methods = method_whitelist
         if allowed_methods is _Default:

diff --git a/script.module.slyguy/resources/modules/urllib3/util/ssl_.py b/script.module.slyguy/resources/modules/urllib3/util/ssl_.py
@@ -314,12 +314,8 @@ def create_urllib3_context(
         context.post_handshake_auth = True
 
     context.verify_mode = cert_reqs
-    if (
-        getattr(context, "check_hostname", None) is not None
-    ):  # Platform-specific: Python 3.2
-        # We do our own verification, including fingerprints and alternative
-        # hostnames. So disable it here
-        context.check_hostname = False
+    # We ask for verification here but it may be disabled in HTTPSConnection.connect
+    context.check_hostname = cert_reqs == ssl.CERT_REQUIRED
 
     # Enable logging of TLS session keys via defacto standard environment variable
     # 'SSLKEYLOGFILE', if the feature is available (Python 3.8+). Skip empty values.