-
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Investigate HTTPConnection.auto_open #2775
Comments
Your suspicion is correct!
#369 added
Yes. This CPython bug was then fixed as part of BPO 7776 by python/cpython@9da047b which went to Python 3.4.1 and was backported to Python 2.7.7. That change caused a regression in urllib3 that was fixed in #385 and 4fb351c. I found this difficult to follow given the two changes, so here is the full diff: diff --git a/urllib3/connection.py b/urllib3/connection.py
index 45bef659..5feb3322 100644
--- a/urllib3/connection.py
+++ b/urllib3/connection.py
@@ -168,21 +168,25 @@ class VerifiedHTTPSConnection(HTTPSConnection):
resolved_cert_reqs = resolve_cert_reqs(self.cert_reqs)
resolved_ssl_version = resolve_ssl_version(self.ssl_version)
- # the _tunnel_host attribute was added in python 2.6.3 (via
- # http://hg.python.org/cpython/rev/0f57b30a152f) so pythons 2.6(0-2) do
- # not have them.
+ hostname = self.host
if getattr(self, '_tunnel_host', None):
+ # _tunnel_host was added in Python 2.6.3
+ # (See: http://hg.python.org/cpython/rev/0f57b30a152f)
+
self.sock = sock
# Calls self._set_hostport(), so self.host is
# self._tunnel_host below.
self._tunnel()
+ # Override the host with the one we're requesting data from.
+ hostname = self._tunnel_host
+
# Wrap socket using verification with the root certs in
# trusted_root_certs
self.sock = ssl_wrap_socket(sock, self.key_file, self.cert_file,
cert_reqs=resolved_cert_reqs,
ca_certs=self.ca_certs,
- server_hostname=self.host,
+ server_hostname=hostname,
ssl_version=resolved_ssl_version)
if resolved_cert_reqs != ssl.CERT_NONE:
@@ -191,7 +195,7 @@ class VerifiedHTTPSConnection(HTTPSConnection):
self.assert_fingerprint)
elif self.assert_hostname is not False:
match_hostname(self.sock.getpeercert(),
- self.assert_hostname or self.host)
+ self.assert_hostname or hostname)
if ssl: We used to rely on the mutation because we wanted to know the hostname of the target origin, which is why we needed that fix.
Yes, given we don't support any CPython version with the bug anymore. Pull request incoming.
Actually, we do have a test: #363 added test_connect_reconn. I confirmed that it does cover the
|
It is no longer needed as HTTPConnection no longer mutates host and port. See #2775 for full info.
@pquentin Thank you for all the digging, this is excellent! 🚀 |
urllib3 makes multiple mentions to a property on
http.client.HTTPConnection
calledauto_open
. The property isn't used much in the current stdlibhttp.client
module, but has some implications for urllib3: mainly that connections may not be re-used based on this value?In
urllib3.connection.py
:In
urllib3.connectionpool.py
:I suspect that
http.client.HTTPConnection._tunnel()
in the past may have rewritten.host
and.port
properties or something like this and this was our method of "guarding" against that? Currentlyhost
andport
properties on a connection point to the first origin (read: proxy) on a requests' journey to the destination origin.The text was updated successfully, but these errors were encountered: