Diffstat (limited to 'python3/httplib2')
-rw-r--r-- | python3/httplib2/__init__.py | 41 | ||||
-rw-r--r-- | python3/httplib2/socks.py | 22 |
2 files changed, 44 insertions, 19 deletions
diff --git a/python3/httplib2/__init__.py b/python3/httplib2/__init__.py index 8b64c41..4312f30 100644 --- a/python3/httplib2/__init__.py +++ b/python3/httplib2/__init__.py @@ -15,7 +15,7 @@ __contributors__ = [ "Alex Yu", ] __license__ = "MIT" -__version__ = '0.12.1' +__version__ = '0.14.0' import base64 import calendar @@ -173,9 +173,9 @@ DEFAULT_TLS_VERSION = getattr(ssl, "PROTOCOL_TLS", None) or getattr( ssl, "PROTOCOL_SSLv23" ) - def _build_ssl_context( - disable_ssl_certificate_validation, ca_certs, cert_file=None, key_file=None + disable_ssl_certificate_validation, ca_certs, cert_file=None, key_file=None, + maximum_version=None, minimum_version=None, ): if not hasattr(ssl, "SSLContext"): raise RuntimeError("httplib2 requires Python 3.2+ for ssl.SSLContext") @@ -185,6 +185,19 @@ def _build_ssl_context( ssl.CERT_NONE if disable_ssl_certificate_validation else ssl.CERT_REQUIRED ) + # SSLContext.maximum_version and SSLContext.minimum_version are python 3.7+. + # source: https://docs.python.org/3/library/ssl.html#ssl.SSLContext.maximum_version + if maximum_version is not None: + if hasattr(context, "maximum_version"): + context.maximum_version = getattr(ssl.TLSVersion, maximum_version) + else: + raise RuntimeError("setting tls_maximum_version requires Python 3.7 and OpenSSL 1.1 or newer") + if minimum_version is not None: + if hasattr(context, "minimum_version"): + context.minimum_version = getattr(ssl.TLSVersion, minimum_version) + else: + raise RuntimeError("setting tls_minimum_version requires Python 3.7 and OpenSSL 1.1 or newer") + # check_hostname requires python 3.4+ # we will perform the equivalent in HTTPSConnectionWithTimeout.connect() by calling ssl.match_hostname # if check_hostname is not supported. 
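Review bot: In `_build_ssl_context`, `getattr(ssl.TLSVersion, maximum_version)` and the matching `minimum_version` lookup take the caller's string unchecked, so a misspelled name surfaces as a bare AttributeError and the lookup is not limited to enum members. Indexing the enum instead, `context.minimum_version = ssl.TLSVersion[minimum_version]`, restricts it to members, and re-raising the failure as a `ValueError` that names the bad value would give callers a usable message. Nothing in the hunk checks that the minimum is not above the maximum. When both arguments are None the protocol range stays at whatever the ssl module and OpenSSL build default to, which deserves a comment such as `# None keeps the platform default protocol range`. The function body continues outside the hunk.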
@@ -986,6 +999,10 @@ class ProxyInfo(object): proxy_headers: Additional or modified headers for the proxy connect request. """ + if isinstance(proxy_user, str): + proxy_user = proxy_user.encode() + if isinstance(proxy_pass, str): + proxy_pass = proxy_pass.encode() self.proxy_type, self.proxy_host, self.proxy_port, self.proxy_rdns, self.proxy_user, self.proxy_pass, self.proxy_headers = ( proxy_type, proxy_host, @@ -1123,7 +1140,7 @@ class HTTPConnectionWithTimeout(http.client.HTTPConnection): raise ProxiesUnavailableError( "Proxy support missing but proxy use was requested!" ) - if self.proxy_info and self.proxy_info.isgood(): + if self.proxy_info and self.proxy_info.isgood() and self.proxy_info.applies_to(self.host): use_proxy = True proxy_type, proxy_host, proxy_port, proxy_rdns, proxy_user, proxy_pass, proxy_headers = ( self.proxy_info.astuple() @@ -1226,6 +1243,8 @@ class HTTPSConnectionWithTimeout(http.client.HTTPSConnection): proxy_info=None, ca_certs=None, disable_ssl_certificate_validation=False, + tls_maximum_version=None, + tls_minimum_version=None, ): self.disable_ssl_certificate_validation = disable_ssl_certificate_validation @@ -1236,7 +1255,8 @@ class HTTPSConnectionWithTimeout(http.client.HTTPSConnection): self.proxy_info = proxy_info("https") context = _build_ssl_context( - self.disable_ssl_certificate_validation, self.ca_certs, cert_file, key_file + self.disable_ssl_certificate_validation, self.ca_certs, cert_file, key_file, + maximum_version=tls_maximum_version, minimum_version=tls_minimum_version, ) super(HTTPSConnectionWithTimeout, self).__init__( host, @@ -1384,6 +1404,8 @@ class Http(object): proxy_info=proxy_info_from_environment, ca_certs=None, disable_ssl_certificate_validation=False, + tls_maximum_version=None, + tls_minimum_version=None, ): """If 'cache' is a string then it is used as a directory name for a disk cache. Otherwise it must be an object that supports the 
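Review bot: The `self.proxy_info.applies_to(self.host)` term is added only to the `HTTPConnectionWithTimeout` hunk; the HTTPS connection's connect path is not part of this diff. It is worth confirming that it makes the same check, otherwise a host that `applies_to` excludes would presumably still be routed through the proxy when the scheme is https. A short comment above the condition, `# skip the proxy for hosts it does not apply to`, would record why the third term is there. The enclosing method starts and ends outside the hunk.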
@@ -1407,10 +1429,15 @@ class Http(object): If disable_ssl_certificate_validation is true, SSL cert validation will not be performed. + + tls_maximum_version / tls_minimum_version require Python 3.7+ / + OpenSSL 1.1.0g+. A value of "TLSv1_3" requires OpenSSL 1.1.1+. """ self.proxy_info = proxy_info self.ca_certs = ca_certs self.disable_ssl_certificate_validation = disable_ssl_certificate_validation + self.tls_maximum_version = tls_maximum_version + self.tls_minimum_version = tls_minimum_version # Map domain name to an httplib connection self.connections = {} # The location of the cache, for now a directory @@ -1753,6 +1780,8 @@ a string that contains the response entity body. proxy_info=self.proxy_info, ca_certs=self.ca_certs, disable_ssl_certificate_validation=self.disable_ssl_certificate_validation, + tls_maximum_version=self.tls_maximum_version, + tls_minimum_version=self.tls_minimum_version, ) else: conn = self.connections[conn_key] = connection_type( @@ -1761,6 +1790,8 @@ a string that contains the response entity body. proxy_info=self.proxy_info, ca_certs=self.ca_certs, disable_ssl_certificate_validation=self.disable_ssl_certificate_validation, + tls_maximum_version=self.tls_maximum_version, + tls_minimum_version=self.tls_minimum_version, ) else: conn = self.connections[conn_key] = connection_type( diff --git a/python3/httplib2/socks.py b/python3/httplib2/socks.py index 24235df..2926b4e 100644 --- a/python3/httplib2/socks.py +++ b/python3/httplib2/socks.py @@ -206,13 +206,7 @@ class socksocket(socket.socket): return "\r\n".join(hdrs) def __getauthheader(self): - username = self.__proxy[4] - password = self.__proxy[5] - if isinstance(username, str): - username = username.encode() - if isinstance(password, str): - password = password.encode() - auth = username + b":" + password + auth = self.__proxy[4] + b":" + self.__proxy[5] return "Proxy-Authorization: Basic " + base64.b64encode(auth).decode() def setproxy( 
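Review bot: The docstring text added to `Http.__init__` states the version requirements but not the accepted values, the default, or when a bad value is reported. I would add `Both take the name of an ssl.TLSVersion member as a string, e.g. "TLSv1_2"; None leaves the ssl module default in place.` The constructor only stores the two values, so an unsupported or misspelled setting fails later, when `_build_ssl_context` runs for the first HTTPS connection. That is worth one more sentence, or an early check here. The method body continues outside the hunk.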
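Review bot: `__getauthheader` now builds `self.__proxy[4] + b":" + self.__proxy[5]` with no conversion, so it relies on every caller having stored bytes; the str-to-bytes step removed here now appears only in the `ProxyInfo` constructor hunk. Code that calls `setproxy` on a `socksocket` directly with str credentials would hit a TypeError at this concatenation. A None username or password fails the same way, as it did before the change. Either keep a small normalisation where `setproxy` stores the values, or state the requirement there, e.g. `# username/password must be bytes; ProxyInfo encodes str values`. `setproxy`'s body is outside the hunk.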
@@ -273,13 +267,13 @@ class socksocket(socket.socket): elif chosenauth[1:2] == chr(0x02).encode(): # Okay, we need to perform a basic username/password # authentication. - self.sendall( - chr(0x01).encode() - + chr(len(self.__proxy[4])) - + self.__proxy[4] - + chr(len(self.__proxy[5])) - + self.__proxy[5] - ) + packet = bytearray() + packet.append(0x01) + packet.append(len(self.__proxy[4])) + packet.extend(self.__proxy[4]) + packet.append(len(self.__proxy[5])) + packet.extend(self.__proxy[5]) + self.sendall(packet) authstat = self.__recvall(2) if authstat[0:1] != chr(0x01).encode(): # Bad response |
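Review bot: `packet.append(len(self.__proxy[4]))` and the matching password line raise an opaque ValueError from `bytearray` when a credential is longer than 255 bytes, because each length is appended as a single byte. Failing is the right outcome, since no truncated credential goes on the wire. An explicit guard before building the packet, `if len(self.__proxy[4]) > 255 or len(self.__proxy[5]) > 255:`, raising this module's own proxy error, would tell the caller what went wrong. The code also assumes the credentials are already bytes, since a str makes `packet.extend` raise TypeError. A comment such as `# credentials are bytes here; each length must fit in one byte` would make that contract visible. The enclosing method starts and ends outside the hunk.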