Allow legacy renegotiation, and failing redirect detection

[danchr]

When trying out OpenConnect SSO on my Mac using OpenSSL 3, I get the follow error:

requests.exceptions.SSLError: HTTPSConnectionPool(host='<redacted>', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:992)')))

I addressed this by using setting the relevant flag on the SSL context. In addition, the redirect detection seemed to fail, so I suppressed the error and issued a warning instead. With those changes, I was able to connect to the VPN in question.

(This is replacement for #124 that targets master. I haven't actually tested this branch, as I don't have PyQt6 installed at the moment.)

Fixes #81.

[vlaci]

Why do you need to set verify=False for the redirect detection?

[danchr]

Why do you need to set verify=False for the redirect detection?

To be honest, I don't remember the details… I tried again, and it seems to work without it, so I've dropped the change 🙂

[danchr]

Could you take another look at this one, @vlaci? It'd be great to get it in 🙂

[IlyaChizhanov]

I also received this error. I fixed it with your patch. It would be nice if this were merged.

[IlyaChizhanov]

This problem is definitely related to urllib3/urllib3#2653