urllib2 ignores opener configuration under certain circumstances

[crazyjurich]

BPO	23166
Nosy	@orsenthil, @benjaminp, @berkerpeksag, @vadmium, @eht16, @FirefighterBlu3
Superseder	bpo-18543: urllib.parse.urlopen shouldn't ignore installed opener when called with any SSL argument
Files	test.py urllib_ssl_auth_test.py: Testcase for HTTP basic auth with disabled SSL cert verification

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = None
closed_at = <Date 2016-01-01.08:14:34.277>
created_at = <Date 2015-01-04.21:13:56.989>
labels = ['type-bug', 'library']
title = 'urllib2 ignores opener configuration under certain circumstances'
updated_at = <Date 2016-01-01.08:14:34.275>
user = 'https://bugs.python.org/crazyjurich'

bugs.python.org fields:

activity = <Date 2016-01-01.08:14:34.275>
actor = 'martin.panter'
assignee = 'none'
closed = True
closed_date = <Date 2016-01-01.08:14:34.277>
closer = 'martin.panter'
components = ['Library (Lib)']
creation = <Date 2015-01-04.21:13:56.989>
creator = 'crazyjurich'
dependencies = []
files = ['37605', '37810']
hgrepos = []
issue_num = 23166
keywords = []
message_count = 7.0
messages = ['233427', '233441', '233477', '233484', '234444', '246129', '257281']
nosy_count = 8.0
nosy_names = ['orsenthil', 'benjamin.peterson', 'Arfrever', 'berker.peksag', 'martin.panter', 'crazyjurich', 'eht16', 'David Ford (FirefighterBlu3)']
pr_nums = []
priority = 'normal'
resolution = 'duplicate'
stage = None
status = 'closed'
superseder = '18543'
type = 'behavior'
url = 'https://bugs.python.org/issue23166'
versions = ['Python 2.7']

[crazyjurich]

Python 2.7.9 has a bug in urllib2.py:urlopen().
It creates HTTPSHandler instances by its own when it should not.
One may have assigned custom openers with subclassed HTTPSHandler or HTTPSHandler instance with debug enabled or etc.

[berkerpeksag]

Thanks for the report. Could you provide an example to reproduce the issue you described?

[crazyjurich]

Attached a script demonstrating two failing cases

[benjaminp]

I guess there needs to be some generic way to pass ssl information to handlers.

[eht16]

I got the same error suddenly with Python 2.7.9.

I think this is quite unfortunate because it somewhat breaks existing behaviour, especially that SSL certificate verification is enabled by default.
Don't get me wrong, this is the right thing in general and it is important. Still, adding this feature in a 2.7 patch level release and enabling it by default feels quite hard.
I guess this will break many scripts and applications which rely on non-verification of SSL certs (which is bad but it was the exisiting behaviour).

Anyway, attached is my use case where I use a HTTPS request coupled with HTTP basic authentication and disabled SSL cert verification.
As described above, passing a context to urlopen() will override previously configured handlers, unfortunately.

In the attached script there is also a workaround which works for me by not using urlopen() but instead calling opener.open() manually after adding the necessary handlers myself.
Not nice but works for the moment.

[FirefighterBlu3]

I've made a patch for 3.4 that addresses this issue. See bpo-18543, latest patch, and test file

[vadmium]

I think these are essentially the same problem. It defeats any custom installed opener, not just custom HTTPS handlers.