| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As reported in #117847 and #115366, an unpaired backtick in a docstring
tends to confuse e.g. Sphinx running on subclasses of standard library
objects, and the typographic style of using a backtick as an opening
quote is no longer in favor. Convert almost all uses of the form
The variable `foo' should do xyz
to
The variable 'foo' should do xyz
and also fix up miscellaneous other unpaired backticks (extraneous /
missing characters).
No functional change is intended here other than in human-readable
docstrings.
|
| |
|
|
|
|
| |
Update _get_hostport to always remove square brackets
from IPv6 addresses. Then add them if needed
in "CONNECT .." and "Host: ".
|
| |
|
|
| |
reading all data (GH-113200)
|
| |
|
|
|
|
|
| |
Omit the `@interface_scope` from an IPv6 address when used as Host header by `http.client`.
---------
Co-authored-by: Gregory P. Smith <greg@krypto.org> [Google LLC]
|
| |
|
|
| |
`HTTPConnection.get_proxy_response_headers` (#105628)
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
(#104248)
Add http.client.HTTPConnection method get_proxy_response_headers() - this is a followup to https://github.com/python/cpython/pull/26152 which added it as a non-public attribute. This way we don't pre-compute a headers dictionary that most users will never access. The new method is properly public and documented and triggers full proxy header parsing into a dict only when actually called.
---------
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
|
| |
|
|
|
|
|
| |
Add _proxy_response_headers attribute to HTTPConnection (#26152)
---------
Co-authored-by: Senthil Kumaran <senthil@python.org>
|
| |
|
|
|
|
|
|
| |
Avoid a potential `ResourceWarning` in `http.client.HTTPConnection`
by closing the proxy / tunnel's CONNECT response explicitly.
---------
Co-authored-by: Gregory P. Smith <greg@krypto.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bpo-22708: Upgrade HTTP CONNECT to protocol HTTP/1.1 (GH-NNNN)
Use protocol HTTP/1.1 when sending HTTP CONNECT tunnelling requests;
generate Host: headers if one is not already provided (required by
HTTP/1.1), convert IDN domains to punycode in HTTP CONNECT requests.
* Refactor tests to pass under -bb (fix ByteWarnings); missed some lines >80.
* Use consistent 'tunnelling' spelling in Lib/http/client.py
* Lib/test/test_httplib: Remove remnant of obsoleted test.
* Use dict.copy() not copy.copy()
* fix version changed
* Update Lib/http/client.py
Co-authored-by: bgehman <bgehman@users.noreply.github.com>
* Switch to for/else: syntax, as suggested
* Don't use for: else:
* Sure, fine, w/e
* Oops
* 1nm to the left
---------
Co-authored-by: Éric <merwok@netwok.org>
Co-authored-by: bgehman <bgehman@users.noreply.github.com>
Co-authored-by: Oleg Iarygin <oleg@arhadthedev.net>
|
| |
|
|
|
|
|
| |
(#103113)
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
Co-authored-by: Éric <merwok@netwok.org>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Remove the keyfile, certfile and check_hostname parameters,
deprecated since Python 3.6, in modules: ftplib, http.client,
imaplib, poplib and smtplib. Use the context parameter (ssl_context
in imaplib) instead.
Parameters following the removed parameters become keyword-only
parameters.
ftplib: Remove the FTP_TLS.ssl_version class attribute: use the
context parameter instead.
|
| |
|
|
|
| |
Reindent files which were not properly formatted (PEP 8: 4 spaces).
Remove also some trailing spaces.
|
| |
|
|
|
|
|
|
|
|
|
| |
The urllib.request no longer uses the deprecated check_hostname
parameter of the http.client module.
Add private http.client._create_https_context() helper to http.client,
used by urllib.request.
Remove the now redundant check on check_hostname and verify_mode in
http.client: the SSLContext.check_hostname setter already implements
the check.
|
| |
|
| |
Automerge-Triggered-By: GH:asvetlov
|
| |
|
|
|
| |
Operating systems without support for TCP_NODELAY will raise an OSError
when trying to set the socket option, but the show can still go on.
|
| |
|
|
|
|
|
| |
Continue (GH-25916)
Fixes http.client potential denial of service where it could get stuck reading lines from a malicious server after a 100 Continue response.
Co-authored-by: Gregory P. Smith <greg@krypto.org>
|
| |
|
|
|
| |
Add audit events to the `http.client` module
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
|
| | |
|
| |
|
|
|
|
| |
We now buffer the CONNECT request + tunnel HTTP headers into a single
send call. This prevents the OS from generating multiple network
packets for connection setup when not necessary, improving efficiency.
|
| | |
|
| |
|
| |
Signed-off-by: Christian Heimes <christian@python.org>
|
| |
|
| |
reject control chars in http method in http.client.putrequest to prevent http header injection
|
| |
|
|
|
| |
I've done the implementation for both non-chunked and chunked reads. I haven't benchmarked chunked reads because I don't currently have a convenient way to generate a high-bandwidth chunked stream, but I don't see any reason that it shouldn't enjoy the same benefits that the non-chunked case does. I've used the benchmark attached to the bpo bug to verify that performance now matches the unsized read case.
Automerge-Triggered-By: @methane
|
| |
|
|
| |
Add host validation for control characters for more CVE-2019-18348 protection.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
encoding behavior (GH-16448)
* bpo-38216: Allow bypassing input validation
* bpo-36274: Also allow the URL encoding to be overridden.
* bpo-38216, bpo-36274: Add tests demonstrating a hook for overriding validation, test demonstrating override encoding, and a test to capture expectation of the interface for the URL.
* Call with skip_host to avoid tripping on the host checking in the URL.
* Remove obsolete comment.
* Make _prepare_path_encoding its own attr.
This makes overriding just that simpler.
Also, don't use the := operator to make backporting easier.
* Add a news entry.
* _prepare_path_encoding -> _encode_prepared_path()
* Once again separate the path validation and request encoding, drastically simplifying the behavior. Drop the guarantee that all processing happens in _prepare_path.
|
| |
|
|
|
|
| |
Post-handshake authentication is required for conditional client cert authentication with TLS 1.3.
https://bugs.python.org/issue37440
|
| |
|
|
| |
Classes that define __str__ the same as __repr__ can
just inherit it from object.
|
| |
|
| |
Use http.client.InvalidURL instead of ValueError as the new error case's exception.
|
| |
|
| |
Disallow control chars in http URLs in urllib.urlopen. This addresses a potential security problem for applications that do not sanity check their URLs where http request headers could be injected.
|
| |
|
|
| |
* No need to chunking for now.
* No need to partial read caused by EINTR for now.
|
| | |
|
| |
|
|
|
| |
with debuglevel=1 only the header keys got printed. With
this change the header values get printed as well and the single
header entries get '\n' as a separator.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bpo-31399: Let OpenSSL verify hostname and IP
The ssl module now uses OpenSSL's X509_VERIFY_PARAM_set1_host() and
X509_VERIFY_PARAM_set1_ip() API to verify hostname and IP addresses.
* Remove match_hostname calls
* Check for libssl with set1_host, libssl must provide X509_VERIFY_PARAM_set1_host()
* Add documentation for OpenSSL 1.0.2 requirement
* Don't support OpenSSL special mode with a leading dot, e.g. ".example.org" matches "www.example.org". It's not standard conform.
* Add hostname_checks_common_name
Signed-off-by: Christian Heimes <christian@python.org>
|
| |
|
|
|
|
|
|
| |
* Fix multiple typos in code comments
* Add spacing in comments (test_logging.py, test_math.py)
* Fix spaces at the beginning of comments in test_logging.py
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
blocksize was hardcoded to 8192, preventing efficient upload when using
file-like body. Add blocksize argument to __init__, so users can
configure the blocksize to fit their needs.
I tested this uploading data from /dev/zero to a web server dropping the
received data, to test the overhead of the HTTPConnection.send() with a
file-like object.
Here is an example 10g upload with the default buffer size (8192):
$ time ~/src/cpython/release/python upload-httplib.py 10 https://localhost:8000/
Uploaded 10.00g in 17.53 seconds (584.00m/s)
real 0m17.574s
user 0m8.887s
sys 0m5.971s
Same with 512k blocksize:
$ time ~/src/cpython/release/python upload-httplib.py 10 https://localhost:8000/
Uploaded 10.00g in 6.60 seconds (1551.15m/s)
real 0m6.641s
user 0m3.426s
sys 0m2.162s
In real world usage the difference will be smaller, depending on the
local and remote storage and the network.
See https://github.com/nirs/http-bench for more info.
|
| | |
|
| |
|
|
| |
collections. (#1263)
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
The deprecation include manual creation of SSLSocket and certfile/keyfile
(or similar) in ftplib, httplib, imaplib, smtplib, poplib and urllib.
ssl.wrap_socket() is not marked as deprecated yet.
|
| |
|
|
| |
but not in the expressions. Also, require expressions to begin and end with literal curly braces.
|
| |\
| |
| |
| | |
documentation consistent with the code.
|
| | |
| |
| |
| | |
consistent with the code.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
And most of the tools.
Patch by Emanual Barry, reviewed by me, Serhiy Storchaka, and
Martin Panter.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
The previous attempt to determine the file’s Content-Length gave a false
positive for pipes on Windows.
Also, drop the special case for sending zero-length iterable bodies.
|
