Forbid use of cadata arg in pyOpenSSL backend #1885
Hmm, this is a tricky one, thanks for pointing this out. As you said, pyOpenSSL does not support cadata, and only accepts cafile (a file path) or capath (a directory path). While we could write the data in a temporary file, I don't think urllib3 should write any kind of data to the filesystem. I think the best option here is to refuse to handle the @sethmlarson @sigmavirus24 Thoughts?
Agreed
Makes sense to me
I'm also in agreement here, no filesystem hacks instead fail loudly.
@MarSoft Would you be interested in working on this?
pyOpenSSL is deprecated and will be removed in future release version 2.x (#2691).
The class `urllib3.contrib.pyopenssl.PyOpenSSLContext` has a `load_verify_locations()` method. This method accepts `cadata` as its third parameter.

If this parameter is given then it wraps the provided certificate data in `io.BytesIO()` and passes to `OpenSSL.SSL.Context.load_verify_locations()` as `cafile` param.

But `OpenSSL.SSL.Context.load_verify_locations` does not support a file-like object for `cafile` param, it expects only file path.

This seems to break intentions of #1804.