diff --git a/lib/urllib3/_version.py b/lib/urllib3/_version.py index fa8979d7..d905b697 100644 --- a/lib/urllib3/_version.py +++ b/lib/urllib3/_version.py @@ -1,2 +1,2 @@ # This file is protected via CODEOWNERS -__version__ = "1.26.8" +__version__ = "1.26.9" diff --git a/lib/urllib3/connection.py b/lib/urllib3/connection.py index 4d92ac6d..7bf395bd 100644 --- a/lib/urllib3/connection.py +++ b/lib/urllib3/connection.py @@ -355,17 +355,15 @@ class HTTPSConnection(HTTPConnection): def connect(self): # Add certificate verification - conn = self._new_conn() + self.sock = conn = self._new_conn() hostname = self.host tls_in_tls = False if self._is_using_tunnel(): if self.tls_in_tls_required: - conn = self._connect_tls_proxy(hostname, conn) + self.sock = conn = self._connect_tls_proxy(hostname, conn) tls_in_tls = True - self.sock = conn - # Calls self._set_hostport(), so self.host is # self._tunnel_host below. self._tunnel() diff --git a/lib/urllib3/poolmanager.py b/lib/urllib3/poolmanager.py index 3a31a285..ca4ec341 100644 --- a/lib/urllib3/poolmanager.py +++ b/lib/urllib3/poolmanager.py @@ -34,6 +34,7 @@ SSL_KEYWORDS = ( "ca_cert_dir", "ssl_context", "key_password", + "server_hostname", ) # All known keyword arguments that could be provided to the pool manager, its diff --git a/lib/urllib3/response.py b/lib/urllib3/response.py index 38693f4f..fdb50ddb 100644 --- a/lib/urllib3/response.py +++ b/lib/urllib3/response.py @@ -8,7 +8,10 @@ from socket import error as SocketError from socket import timeout as SocketTimeout try: - import brotli + try: + import brotlicffi as brotli + except ImportError: + import brotli except ImportError: brotli = None diff --git a/lib/urllib3/util/request.py b/lib/urllib3/util/request.py index 25103383..b574b081 100644 --- a/lib/urllib3/util/request.py +++ b/lib/urllib3/util/request.py @@ -14,7 +14,10 @@ SKIPPABLE_HEADERS = frozenset(["accept-encoding", "host", "user-agent"]) ACCEPT_ENCODING = "gzip,deflate" try: - import brotli as _unused_module_brotli # noqa: F401 + try: + import brotlicffi as _unused_module_brotli # noqa: F401 + except ImportError: + import brotli as _unused_module_brotli # noqa: F401 except ImportError: pass else: diff --git a/lib/urllib3/util/ssl_match_hostname.py b/lib/urllib3/util/ssl_match_hostname.py index a4b4a569..1dd950c4 100644 --- a/lib/urllib3/util/ssl_match_hostname.py +++ b/lib/urllib3/util/ssl_match_hostname.py @@ -112,11 +112,9 @@ def match_hostname(cert, hostname): try: # Divergence from upstream: ipaddress can't handle byte str host_ip = ipaddress.ip_address(_to_unicode(hostname)) - except ValueError: - # Not an IP address (common case) - host_ip = None - except UnicodeError: - # Divergence from upstream: Have to deal with ipaddress not taking + except (UnicodeError, ValueError): + # ValueError: Not an IP address (common case) + # UnicodeError: Divergence from upstream: Have to deal with ipaddress not taking # byte strings. addresses should be all ascii, so we consider it not # an ipaddress in this case host_ip = None @@ -124,7 +122,7 @@ def match_hostname(cert, hostname): # Divergence from upstream: Make ipaddress library optional if ipaddress is None: host_ip = None - else: + else: # Defensive raise dnsnames = [] san = cert.get("subjectAltName", ()) diff --git a/requirements.txt b/requirements.txt index 58fe21b6..99f8033e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -45,7 +45,7 @@ tempora==5.0.1 tokenize-rt==4.2.1 tzdata==2022.1 tzlocal==4.2 -urllib3==1.26.8 +urllib3==1.26.9 webencodings==0.5.1 websocket-client==1.2.3 xmltodict==0.12.0