diff --git a/script.module.slyguy/addon.xml b/script.module.slyguy/addon.xml index 69c0cb47..13f207c1 100644 --- a/script.module.slyguy/addon.xml +++ b/script.module.slyguy/addon.xml @@ -1,5 +1,5 @@ - + diff --git a/script.module.slyguy/resources/modules/urllib3/_version.py b/script.module.slyguy/resources/modules/urllib3/_version.py index 97f83dc2..97c98330 100644 --- a/script.module.slyguy/resources/modules/urllib3/_version.py +++ b/script.module.slyguy/resources/modules/urllib3/_version.py @@ -1,2 +1,2 @@ # This file is protected via CODEOWNERS -__version__ = "1.26.3" +__version__ = "1.26.4" diff --git a/script.module.slyguy/resources/modules/urllib3/connection.py b/script.module.slyguy/resources/modules/urllib3/connection.py index 9066e6ad..45580b7e 100644 --- a/script.module.slyguy/resources/modules/urllib3/connection.py +++ b/script.module.slyguy/resources/modules/urllib3/connection.py @@ -490,6 +490,10 @@ def _connect_tls_proxy(self, hostname, conn): self.ca_cert_dir, self.ca_cert_data, ) + # By default urllib3's SSLContext disables `check_hostname` and uses + # a custom check. For proxies we're good with relying on the default + # verification. + ssl_context.check_hostname = True # If no cert was provided, use only the default options for server # certificate validation diff --git a/script.module.slyguy/resources/modules/urllib3/util/retry.py b/script.module.slyguy/resources/modules/urllib3/util/retry.py index ee51f922..d25a41b4 100644 --- a/script.module.slyguy/resources/modules/urllib3/util/retry.py +++ b/script.module.slyguy/resources/modules/urllib3/util/retry.py @@ -253,6 +253,7 @@ def __init__( "Using 'method_whitelist' with Retry is deprecated and " "will be removed in v2.0. Use 'allowed_methods' instead", DeprecationWarning, + stacklevel=2, ) allowed_methods = method_whitelist if allowed_methods is _Default: diff --git a/script.module.slyguy/resources/modules/urllib3/util/ssl_.py b/script.module.slyguy/resources/modules/urllib3/util/ssl_.py index 236aa8e6..971b5524 100644 --- a/script.module.slyguy/resources/modules/urllib3/util/ssl_.py +++ b/script.module.slyguy/resources/modules/urllib3/util/ssl_.py @@ -314,12 +314,8 @@ def create_urllib3_context( context.post_handshake_auth = True context.verify_mode = cert_reqs - if ( - getattr(context, "check_hostname", None) is not None - ): # Platform-specific: Python 3.2 - # We do our own verification, including fingerprints and alternative - # hostnames. So disable it here - context.check_hostname = False + # We ask for verification here but it may be disabled in HTTPSConnection.connect + context.check_hostname = cert_reqs == ssl.CERT_REQUIRED # Enable logging of TLS session keys via defacto standard environment variable # 'SSLKEYLOGFILE', if the feature is available (Python 3.8+). Skip empty values.